From c7ffa4193e5406ccb2d5d8fdf9eb480f65f76bb5 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 13:48:49 +0300 Subject: [PATCH 01/11] Add rule file_etc_security_opasswd to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../file_etc_security_opasswd/ansible/shared.yml | 2 +- .../file_etc_security_opasswd/bash/shared.sh | 2 +- .../file_etc_security_opasswd/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 40790d4ea17..887f907bd77 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1100,8 +1100,9 @@ controls: levels: - medium title: SLEM 5 must employ a password history file. - rules: [] - status: pending + rules: + - file_etc_security_opasswd + status: automated - id: SLEM-05-611080 levels: diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml index 14067f3b9b9..1fc282c25f0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh index 6fa4a3059dc..7e69037f7e9 100644 
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # Create /etc/security/opasswd if needed # Owner group mode root.root 0600 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml index 8a09a58837d..a17c9dd6299 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml @@ -19,6 +19,7 @@ identifiers: cce@rhel10: CCE-86980-0 cce@sle12: CCE-83172-7 cce@sle15: CCE-85572-6 + cce@slmicro5: CCE-93687-2 references: disa: CCI-000200 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 49580916465..eea2e2e0e5d 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93687-2 CCE-93688-0 CCE-93689-8 CCE-93690-6 From ab48392d359144601fa24688b589eec024c6bbe7 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 13:51:58 +0300 Subject: [PATCH 02/11] Add rule account_disable_post_pw_expiration to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../account_disable_post_pw_expiration/ansible/shared.yml | 2 +- .../account_disable_post_pw_expiration/bash/shared.sh | 2 +- .../account_disable_post_pw_expiration/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 887f907bd77..bbadf11573b 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -853,8 +853,9 @@ controls: title: SLEM 5 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration. - rules: [] - status: pending + rules: + - account_disable_post_pw_expiration + status: automated - id: SLEM-05-411075 levels: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml index 74598bc7e0c..84f13bfea83 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh index f299285d474..77aa71dd918 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh 
@@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index 6ea41b0fffd..7475fb25d78 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -30,6 +30,7 @@ identifiers: cce@rhel10: CCE-88966-7 cce@sle12: CCE-83051-3 cce@sle15: CCE-85558-5 + cce@slmicro5: CCE-93688-0 references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index eea2e2e0e5d..eeb45e03e61 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93688-0 CCE-93689-8 CCE-93690-6 CCE-93691-4 From eff5340fcc1acc970865492a0e26100b4dd03a2b Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 13:54:52 +0300 Subject: [PATCH 03/11] Add rule set_password_hashing_algorithm_logindefs to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 6 ++++-- .../ansible/shared.yml | 2 +- .../set_password_hashing_algorithm_logindefs/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bbadf11573b..3cfefe4b4ee 100644 
--- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1129,8 +1129,10 @@ controls: title: SLEM 5 must employ FIPS 140-2/140-3 approved cryptographic hashing algorithm for system authentication (login.defs). - rules: [] - status: pending + rules: + - set_password_hashing_algorithm_logindefs + - var_password_hashing_algorithm=SHA512 + status: automated - id: SLEM-05-611095 levels: diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml index 8dedf993cfa..e0b6d68db53 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index 521ead63a2c..bcc0fbfe493 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml 
@@ -23,6 +23,7 @@ identifiers: cce@rhel10: CCE-89508-6 cce@sle12: CCE-83029-9 cce@sle15: CCE-83279-0 + cce@slmicro5: CCE-93689-8 references: cis-csc: 1,12,15,16,5 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index eeb45e03e61..92bec334d48 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93689-8 CCE-93690-6 CCE-93691-4 CCE-93692-2 From 111505cbf0fbefec6b788d56cf50c1a0cb749e01 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:00:41 +0300 Subject: [PATCH 04/11] Add rule sshd_use_approved_macs_ordered_stig to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../sshd_use_approved_macs_ordered_stig/ansible/shared.yml | 2 +- .../sshd_use_approved_macs_ordered_stig/bash/shared.sh | 2 +- .../ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml | 1 + .../tests/correct_reduced_list.pass.sh | 2 +- shared/references/cce-slmicro5-avail.txt | 1 - 6 files changed, 7 insertions(+), 6 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 3cfefe4b4ee..bc7747374f7 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -639,8 +639,9 @@ controls: title: SLEM 5 SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms. - rules: [] - status: pending + rules: + - sshd_use_approved_macs_ordered_stig + status: automated - id: SLEM-05-255055 levels: diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/ansible/shared.yml index e87e33dc944..0e2f5906e04 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/ansible/shared.yml 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle,multi_platform_ubuntu +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/bash/shared.sh index a2ea17f05cb..7a49df56100 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle,multi_platform_ubuntu +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{%- if 'ubuntu' in product %}} {{{ bash_instantiate_variables('sshd_approved_macs') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml index a999212de04..2d3634db683 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml @@ -24,6 +24,7 @@ severity: medium identifiers: cce@sle15: CCE-83280-8 + cce@slmicro5: CCE-93690-6 references: disa: CCI-000068,CCI-000803,CCI-000877,CCI-001453,CCI-003123 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh index 17ff9f0aa77..e0a7f0ac594 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro if grep -q "^MACs" /etc/ssh/sshd_config; then sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 92bec334d48..8eae92cab85 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93690-6 CCE-93691-4 CCE-93692-2 CCE-93693-0 From c50f7a4e8211d78a67d9a268c363476a2e04040b Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:05:05 +0300 Subject: [PATCH 05/11] Add rule sshd_use_approved_macs to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 1 + .../ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml | 2 +- .../ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh | 2 +- .../ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml | 4 ++-- .../services/ssh/ssh_server/sshd_use_approved_macs/rule.yml | 3 ++- shared/references/cce-slmicro5-avail.txt | 1 - 6 files changed, 7 insertions(+), 6 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bc7747374f7..4700ec3db8b 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -641,6 +641,7 @@ controls: (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms. rules: - sshd_use_approved_macs_ordered_stig + - sshd_use_approved_macs status: automated - id: SLEM-05-255055 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml index e186ea31f4a..6f2b46b3278 100644 
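Review bot: The control that ends just before `- id: SLEM-05-255055` now selects both `sshd_use_approved_macs_ordered_stig` and `sshd_use_approved_macs`, but sets no value for `sshd_approved_macs`, the variable the second rule's Bash remediation instantiates. Both rules govern the `MACs` setting in sshd_config, so if that variable's default differs from the ordered STIG list (not visible in this patch), one remediation can undo the other and scan results may flip between runs. Other entries in this series pin the variable next to the rule (`var_password_hashing_algorithm=SHA512`, `sshd_idle_timeout_value=10_minutes`). The same is worth doing here with `- sshd_approved_macs=<selector matching the STIG list>`, or keep only the ordered rule if it already satisfies the requirement.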
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh index 57344cfbabd..8b420b23a4e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle,multi_platform_ubuntu +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("sshd_approved_macs") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml index 9dbb548f12a..96a9320dbc8 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/oval/shared.xml @@ -8,7 +8,7 @@ - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} @@ -19,7 +19,7 @@ - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml index 5e6a3fb0ccf..6d2fb08c867 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml @@ -7,7 +7,7 @@ description: |- Limit the MACs to those hash algorithms which are FIPS-approved. The following line in /etc/ssh/sshd_config demonstrates use of FIPS-approved MACs: -{{% if product in ["sle12", "sle15"] %}} +{{% if product in ["sle12", "sle15", "slmicro5"] %}}
MACs hmac-sha2-512,hmac-sha2-256
{{% else %}}
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
@@ -43,6 +43,7 @@ identifiers: cce@rhel8: CCE-82198-3 cce@sle12: CCE-83036-4 cce@sle15: CCE-91338-4 + cce@slmicro5: CCE-93691-4 references: cis-csc: 1,12,13,15,16,5,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 8eae92cab85..ed8e157b7ad 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93691-4 CCE-93692-2 CCE-93693-0 CCE-93694-8 From 4812c73c67f4d0fa6661e54a695ea2b421d423f2 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:08:53 +0300 Subject: [PATCH 06/11] Add rule sshd_set_idle_timeout to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 6 ++++-- .../ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml | 4 ++-- .../services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 4700ec3db8b..207532c74bd 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -609,8 +609,10 @@ controls: title: SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. - rules: [] - status: pending + rules: + - sshd_set_idle_timeout + - sshd_idle_timeout_value=10_minutes + status: automated - id: SLEM-05-255040 levels: diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml index c001dfe9a6a..04b6e082839 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml 
@@ -7,7 +7,7 @@ - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} @@ -18,7 +18,7 @@ - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index b42ad4a6598..e5a558f7dcd 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -31,6 +31,7 @@ identifiers: cce@rhel10: CCE-90362-5 cce@sle12: CCE-83027-3 cce@sle15: CCE-83281-6 + cce@slmicro5: CCE-93692-2 references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index ed8e157b7ad..e06231fab2b 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93692-2 CCE-93693-0 CCE-93694-8 CCE-93695-5 From 5787773454e4150fbc281fb0538a09cf7962af89 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:11:59 +0300 Subject: [PATCH 07/11] Update 10-oval.jinja macro to support SLE Micro 5 --- shared/macros/10-oval.jinja | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/shared/macros/10-oval.jinja b/shared/macros/10-oval.jinja index f5ca560d387..4db8c9ffb58 100644 --- a/shared/macros/10-oval.jinja +++ b/shared/macros/10-oval.jinja @@ -741,7 +741,7 @@ datatype="{{{ datatype }}}" version="1"> - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} 
@@ -759,7 +759,7 @@ datatype="{{{ datatype }}}" version="1"> - {{% if product in ['opensuse', 'sle12', 'sle15'] %}} + {{% if product in ['opensuse', 'sle12', 'sle15', 'slmicro5'] %}} {{% else %}} @@ -1081,7 +1081,7 @@ datatype="{{{ datatype }}}" version="1"> - {{% if product in ['opensuse', 'sle12','sle15'] %}} + {{% if product in ['opensuse', 'sle12','sle15', 'slmicro5'] %}} {{% else %}} @@ -1092,7 +1092,7 @@ datatype="{{{ datatype }}}" version="1"> - {{% if product in ['opensuse', 'sle12','sle15'] %}} + {{% if product in ['opensuse', 'sle12','sle15', 'slmicro5'] %}} {{% else %}} From edf239ca5c8686482ec62f4471b144c7ff66ac6f Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:15:18 +0300 Subject: [PATCH 08/11] Add rule dir_perms_world_writable_sticky_bits to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../dir_perms_world_writable_sticky_bits/ansible/shared.yml | 2 +- .../dir_perms_world_writable_sticky_bits/bash/shared.sh | 2 +- .../files/dir_perms_world_writable_sticky_bits/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 207532c74bd..bf143b1319b 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -372,8 +372,9 @@ controls: levels: - medium title: The sticky bit must be set on all SLEM 5 world-writable directories. - rules: [] - status: pending + rules: + - dir_perms_world_writable_sticky_bits + status: automated - id: SLEM-05-232115 levels: diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml index dcb2b99b7d9..33caa81c906 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml 
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh index 91b3495c9c9..e488cceebdc 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu df --local -P | awk '{if (NR!=1) print $6}' \ | xargs -I '$6' find '$6' -xdev -type d \ \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml index b19f25b0d46..69d08bf046a 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml @@ -32,6 +32,7 @@ identifiers: cce@rhel10: CCE-88397-5 cce@sle12: CCE-83047-1 cce@sle15: CCE-83282-4 + cce@slmicro5: CCE-93693-0 references: cis-csc: 12,13,14,15,16,18,3,5 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index e06231fab2b..9692324c7b5 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt 
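Review bot: The unchanged pipeline that this platform line now enables for SLE Micro takes its mount points from `awk '{if (NR!=1) print $6}'`, which keeps only the sixth whitespace-separated field, so a mount point containing a space is truncated and `find` is pointed at a path that does not exist. Because the `find` stage also carries `2>/dev/null`, that failure is silent: world-writable directories under such a mount would keep lacking the sticky bit while the remediation appears to succeed. Since `--local` already assumes GNU df, `df --local --output=target | tail -n +2` would hand over the full mount path. The pipeline continues past the end of the hunk, so the stage that consumes the `find` output is not visible here.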
@@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93693-0 CCE-93694-8 CCE-93695-5 CCE-93696-3 From f3c85e60b46361e20cfb3eec14d2bc6628e87aa9 Mon Sep 17 00:00:00 2001 From: svet-se Date: Tue, 13 Aug 2024 14:43:19 +0300 Subject: [PATCH 09/11] Add rule sshd_set_keepalive to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 6 ++++-- .../services/ssh/ssh_server/sshd_set_keepalive/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bf143b1319b..1bf8ae2ff9c 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -601,8 +601,10 @@ controls: title: SLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. - rules: [] - status: pending + rules: + - sshd_set_keepalive + - var_sshd_set_keepalive=1 + status: automated - id: SLEM-05-255035 levels: diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index d0fe7b739ed..14b5b7f6fab 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -30,6 +30,7 @@ identifiers: cce@rhel10: CCE-86794-5 cce@sle12: CCE-83034-9 cce@sle15: CCE-91228-7 + cce@slmicro5: CCE-93694-8 references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 9692324c7b5..60c15a8c605 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93694-8 CCE-93695-5 CCE-93696-3 CCE-93697-1 From d1606924a85b907dde41f40470bb7f614106cfe4 Mon Sep 17 00:00:00 2001 
From: svet-se Date: Tue, 13 Aug 2024 14:53:26 +0300 Subject: [PATCH 10/11] Add rule file_permissions_local_var_log_messages to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../ansible/shared.yml | 2 +- .../file_permissions_local_var_log_messages/bash/shared.sh | 2 +- .../file_permissions_local_var_log_messages/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 1bf8ae2ff9c..6c318faecb3 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -380,8 +380,9 @@ controls: levels: - medium title: SLEM 5 must prevent unauthorized users from accessing system error messages. - rules: [] - status: pending + rules: + - file_permissions_local_var_log_messages + status: automated - id: SLEM-05-232120 levels: diff --git a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/ansible/shared.yml b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/ansible/shared.yml index 88589b6185f..711837da0b4 100644 --- a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/ansible/shared.yml +++ b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = false # complexity = low # strategy = configure diff --git a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/bash/shared.sh b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/bash/shared.sh index fa3c7b0b957..458e3f1b553 100644 --- a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/bash/shared.sh 
+++ b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro CORRECT_PERMISSIONS="/var/log/messages root:root 640" err_cnt=0 diff --git a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml index eff4ff560cd..6cf53bc8589 100644 --- a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml +++ b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml @@ -28,6 +28,7 @@ severity: medium identifiers: cce@sle12: CCE-83112-3 cce@sle15: CCE-83285-7 + cce@slmicro5: CCE-93695-5 references: disa: CCI-001314 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 60c15a8c605..e663233df2b 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93695-5 CCE-93696-3 CCE-93697-1 CCE-93698-9 From f908dbe2affc20ef7fe1979e40d0d5d8059c5ee0 Mon Sep 17 00:00:00 2001 
From: svet-se Date: Tue, 13 Aug 2024 15:01:39 +0300 Subject: [PATCH 11/11] Add rule sshd_use_approved_kex_ordered_stig to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../sshd_use_approved_kex_ordered_stig/ansible/shared.yml | 2 +- .../sshd_use_approved_kex_ordered_stig/bash/shared.sh | 2 +- .../sshd_use_approved_kex_ordered_stig/oval/shared.xml | 8 ++++---- .../sshd_use_approved_kex_ordered_stig/rule.yml | 5 +++-- .../tests/comment.fail.sh | 2 +- .../sshd_use_approved_kex_ordered_stig/tests/common.sh | 4 ++-- .../tests/correct_reduced_list.pass.sh | 2 +- .../tests/correct_scrambled.fail.sh | 2 +- .../tests/correct_value.pass.sh | 2 +- .../tests/line_not_there.fail.sh | 2 +- .../tests/no_parameters.fail.sh | 2 +- .../tests/wrong_value.fail.sh | 2 +- shared/references/cce-slmicro5-avail.txt | 1 - 14 files changed, 21 insertions(+), 20 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 6c318faecb3..4c6a08dbdf6 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -656,8 +656,9 @@ controls: title: SLEM 5 SSH server must be configured to use only FIPS 140-2/140-3 validated key exchange algorithms. - rules: [] - status: pending + rules: + - sshd_use_approved_kex_ordered_stig + status: automated - id: SLEM-05-255060 levels: diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/ansible/shared.yml index f13ba1b93dd..3dcb19d5cda 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle,multi_platform_ubuntu +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/bash/shared.sh index c6f253b9dd3..27a379d79a5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,multi_platform_sle,multi_platform_ubuntu +# platform = Oracle Linux 7,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu KEX_ALGOS="ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,\ diffie-hellman-group-exchange-sha256" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml index 1237d53114a..3abf19669cc 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if product in ['ol8','rhel8'] %}} +{{% if product in ['ol8', 'rhel8'] %}} {{% set path='/etc/crypto-policies/back-ends/opensshserver.config' %}} {{% set prefix_conf="^\s*CRYPTO_POLICY\s*=.*-oKexAlgorithms=" %}} {{% set kex_algos=["ecdh-sha2-nistp256","ecdh-sha2-nistp384", @@ -6,7 +6,7 @@ "diffie-hellman-group14-sha256","diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512"] %}} {{% set sufix_conf="(\s.*)?'" %}} -{{% elif product in ['ol7', 'sle12','sle15','ubuntu2004'] %}} +{{% elif product in ['ol7', 'sle12', 'sle15', 'slmicro5', 'ubuntu2004'] %}} {{% set path='/etc/ssh/sshd_config' %}} {{% set prefix_conf="^\s*KexAlgorithms\s*" %}} {{% set kex_algos=["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521", 
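Review bot: The edited `elif` in oval/shared.xml lists `['ol7', 'sle12', 'sle15', 'slmicro5', 'ubuntu2004']`, while the matching lists in this rule's rule.yml and tests/common.sh in the same patch also include `'ubuntu2204'`. The `else` branch is outside the hunk, so the effect cannot be confirmed from here, but a product that the tests and the description treat as sshd_config-based and the check does not may be evaluated against a different path or algorithm list. Since the line is being touched anyway, aligning it would keep check, description and tests in step: `{{% elif product in ['ol7', 'sle12', 'sle15', 'slmicro5', 'ubuntu2004', 'ubuntu2204'] %}}`.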
@@ -26,7 +26,7 @@ - {{% if product in ['sle12', 'sle15'] %}} + {{% if product in ['sle12', 'sle15', 'slmicro5'] %}} {{% else %}} @@ -37,7 +37,7 @@ - {{% if product in ['sle12', 'sle15'] %}} + {{% if product in ['sle12', 'sle15', 'slmicro5'] %}} {{% else %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml index db81f3db9c9..bfd521ac185 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml @@ -1,4 +1,4 @@ -{{% if product in ['ol8','rhel8'] %}} +{{% if product in ['ol8', 'rhel8'] %}} {{% set path='/etc/crypto-policies/back-ends/opensshserver.config' %}} {{% set conf="CRYPTO_POLICY='-oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384" ~ ",ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" ~ @@ -8,7 +8,7 @@ {{% set path='/etc/ssh/sshd_config' %}} {{% set conf="KexAlgorithms ecdh-sha1-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" ~ ",diffie-hellman-group-exchange-sha256" %}} -{{% elif product in ['sle12','sle15','ubuntu2004', 'ubuntu2204'] %}} +{{% elif product in ['sle12', 'sle15', 'slmicro5', 'ubuntu2004', 'ubuntu2204'] %}} {{% set path='/etc/ssh/sshd_config' %}} {{% set conf="KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" ~ ",diffie-hellman-group-exchange-sha256" %}} @@ -39,6 +39,7 @@ identifiers: cce@rhel8: CCE-86059-3 cce@sle12: CCE-92336-7 cce@sle15: CCE-92505-7 + cce@slmicro5: CCE-93696-3 references: disa: CCI-001453 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh index 4319832c0e5..925d9862f44 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh 
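Review bot: In the second rule.yml hunk, the context line just above the changed `elif` sets `conf` to `KexAlgorithms ecdh-sha1-nistp256,...`, which looks like a typo for `ecdh-sha2-nistp256`; every other list in this patch, including the branch that `slmicro5` joins, uses the `sha2` name. That branch's condition is outside the hunk, so which product it serves cannot be told from here, and `conf` is presumably rendered into the rule text, where a non-existent algorithm name would mislead anyone copying it into sshd_config. Since this commit already edits the lines on either side, it would be a good place to change the line to `{{% set conf="KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" ~`.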
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/common.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/common.sh index 43e7736dd0f..5431573a6b8 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/common.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/common.sh @@ -1,11 +1,11 @@ #!/bin/bash -{{% if product in ['ol8','rhel8'] %}} +{{% if product in ['ol8', 'rhel8'] %}} FILE_PATH='/etc/crypto-policies/back-ends/opensshserver.config' CONF_PREFIX="CRYPTO_POLICY='-oKexAlgorithms=" KEX_ALGOS="ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" CONF_SUFIX="'" CONF_PREFIX_REGEX="^\s*CRYPTO_POLICY" -{{% elif product in ['ol7', 'sle12','sle15','ubuntu2004', 'ubuntu2204'] %}} +{{% elif product in ['ol7', 'sle12', 'sle15', 'slmicro5', 'ubuntu2004', 'ubuntu2204'] %}} FILE_PATH='/etc/ssh/sshd_config' FILE_PATH_CONFIGDIR='/etc/ssh/sshd_config.d' CONF_PREFIX="KexAlgorithms " diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh index 5e724620515..a2af968bbea 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh index dfe21de8127..b99287bd4d0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh index 63774b1e3e8..0dc5ce52d4d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh index a9ddcf7c171..d0fdba3e074 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh index 682758a9df0..46040718ab9 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh index 4cac68a128c..15cf3f7fa42 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh 
@@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index e663233df2b..807ae4aee99 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -21,7 +21,6 @@ CCE-93683-1 CCE-93684-9 CCE-93685-6 CCE-93686-4 -CCE-93696-3 CCE-93697-1 CCE-93698-9 CCE-93699-7