diff --git a/controls/cis_slmicro5.yml b/controls/cis_slmicro5.yml
new file mode 100644
index 00000000000..db7acb15e58
--- /dev/null
+++ b/controls/cis_slmicro5.yml
@@ -0,0 +1,2331 @@
+policy: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5'
+title: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5'
+id: cis_slmicro5
+version: 'Draft'
+source: https://www.cisecurity.org/cis-benchmarks/#suse_linux
+product: slmicro5
+levels:
+ - id: l1_server
+ - id: l2_server
+ inherits_from:
+ - l1_server
+ - id: l1_workstation
+ - id: l2_workstation
+ inherits_from:
+ - l1_workstation
+
+controls:
+ - id: 1.1.1.1
+ title: Ensure mounting of squashfs filesystems is disabled
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - kernel_module_cramfs_disabled
+ - kernel_module_squashfs_disabled
+
+ - id: 1.1.1.2
+ title: Ensure mounting of udf filesystems is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - kernel_module_udf_disabled
+
+ - id: 1.1.1.3
+ title: Ensure mounting of FAT filesystems is limited
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - kernel_module_vfat_disabled
+
+ - id: 1.1.2
+ title: Ensure /tmp is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.3
+ title: Ensure noexec option set on /tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.4
+ title: Ensure nodev option set on /tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.5
+ title: Ensure nosuid option set on /tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.6
+ title: Ensure /dev/shm is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - partition_for_dev_shm
+
+ - id: 1.1.7
+ title: Ensure noexec option set on /dev/shm partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_dev_shm_noexec
+
+ - id: 1.1.8
+ title: Ensure nodev option set on /dev/shm partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_dev_shm_nodev
+
+ - id: 1.1.9
+ title: Ensure nosuid option set on /dev/shm partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_dev_shm_nosuid
+
+ - id: 1.1.10
+ title: Ensure separate partition exists for /var
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - partition_for_var
+
+ - id: 1.1.11
+ title: Ensure separate partition exists for /var/tmp
+ levels:
+ - l2_server
+ - l2_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.12
+ title: Ensure noexec option set on /var/tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.13
+ title: Ensure nodev option set on /var/tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.14
+ title: Ensure nosuid option set on /var/tmp partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.15
+ title: Ensure separate partition exists for /var/log
+ levels:
+ - l2_server
+ - l2_workstation
+ status: pending
+ rules: []
+
+ - id: 1.1.16
+ title: Ensure separate partition exists for /var/log/audit
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - partition_for_var_log_audit
+
+ - id: 1.1.17
+ title: Ensure separate partition exists for /home
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - partition_for_home
+
+ - id: 1.1.18
+ title: Ensure nodev option set on /home partition
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_home_nodev
+
+ - id: 1.1.19
+ title: Ensure noexec option set on removable media partitions (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_noexec_removable_partitions
+
+ - id: 1.1.20
+ title: Ensure nodev option set on removable media partitions (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_nodev_removable_partitions
+
+ - id: 1.1.21
+ title: Ensure nosuid option set on removable media partitions (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - mount_option_nosuid_removable_partitions
+
+ - id: 1.1.22
+ title: Ensure sticky bit is set on all world-writable directories
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - dir_perms_world_writable_sticky_bits
+
+ - id: 1.1.23
+ title: Disable Automounting
+ levels:
+ - l1_server
+ - l2_workstation
+ status: automated
+ rules:
+ - service_autofs_disabled
+ - kernel_module_usb-storage_disabled
+
+ - id: 1.2.1
+ title: Ensure GPG keys are configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - ensure_GPG_keys_are_configured
+
+ - id: 1.2.2
+ title: Ensure package manager repositories are configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - ensure_package_repositories_are_configured
+
+ - id: 1.2.3
+ title: Ensure gpgcheck is globally activated
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_never_disabled
+
+ - id: 1.3.1
+ title: Ensure sudo is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_sudo_installed
+
+ - id: 1.3.2
+ title: Ensure sudo commands use pty
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sudo_add_use_pty
+
+ - id: 1.3.3
+ title: Ensure sudo log file exists
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - var_sudo_logfile=var_log_sudo_log
+ - sudo_custom_logfile
+
+ - id: 1.4.1
+ title: Ensure AIDE is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_aide_installed
+ - aide_build_database
+
+ - id: 1.4.2
+ title: Ensure filesystem integrity is regularly checked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - aide_periodic_checking_systemd_timer
+
+ - id: 1.5.1
+ title: Ensure bootloader password is set
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - grub2_password
+ - grub2_uefi_password
+
+ - id: 1.5.2
+ title: Ensure permissions on bootloader config are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_grub2_cfg
+ - file_owner_grub2_cfg
+ - file_permissions_grub2_cfg
+
+ - id: 1.5.3
+ title: Ensure authentication required for single user mode
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - require_emergency_target_auth
+ - require_singleuser_auth
+
+ - id: 1.6.1
+ title: Ensure core dumps are restricted
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - disable_users_coredumps
+ - sysctl_fs_suid_dumpable
+ - coredump_disable_backtraces
+ - coredump_disable_storage
+
+ - id: 1.6.2
+ title: Ensure XD/NX support is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ Automatic remediation of these rules is not available.
+ rules:
+ - bios_enable_execution_restrictions
+ - install_PAE_kernel_on_x86-32
+
+ - id: 1.6.3
+ title: Ensure address space layout randomization (ASLR) is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_kernel_randomize_va_space
+
+ - id: 1.6.4
+ title: Ensure prelink is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - disable_prelink
+
+ - id: 1.7.1.1
+ title: Ensure AppArmor is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_pam_apparmor_installed
+
+ - id: 1.7.1.2
+ title: Ensure AppArmor is enabled in the bootloader configuration
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.7.1.3
+ title: Ensure all AppArmor Profiles are in enforce or complain mode
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 1.7.1.4
+ title: Ensure all AppArmor Profiles are enforcing
+ levels:
+ - l2_server
+ - l2_workstation
+ status: pending
+ rules: []
+
+ - id: 1.8.1.1
+ title: Ensure message of the day is configured properly
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - banner_etc_motd
+ - motd_banner_text=cis_banners
+
+ - id: 1.8.1.2
+ title: Ensure local login warning banner is configured properly
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - banner_etc_issue
+ - login_banner_text=cis_banners
+
+ - id: 1.8.1.3
+ title: Ensure remote login warning banner is configured properly
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - banner_etc_issue_net
+ - remote_login_banner_text=cis_banners
+
+ - id: 1.8.1.4
+ title: Ensure permissions on /etc/motd are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_motd
+ - file_owner_etc_motd
+ - file_permissions_etc_motd
+
+ - id: 1.8.1.5
+ title: Ensure permissions on /etc/issue are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_issue
+ - file_owner_etc_issue
+ - file_permissions_etc_issue
+
+ - id: 1.8.1.6
+ title: Ensure permissions on /etc/issue.net are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_issue_net
+ - file_owner_etc_issue_net
+ - file_permissions_etc_issue_net
+
+ - id: 1.9
+ title: Ensure updates, patches, and additional security software are installed (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - security_patches_up_to_date
+
+ - id: 1.10
+ title: Ensure GDM login banner is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ notes: |-
+ The idea of the requirement is to have either package_gdm_removed rule
+ or the rest of the rules as they are mutually exclusive.
+ rules:
+ - login_banner_text=cis_default
+
+ - id: 2.1.1
+ title: Ensure xinetd is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_xinetd_removed
+ - service_xinetd_disabled
+ - package_tcp_wrappers_removed
+
+ - id: 2.2.1.1
+ title: Ensure time synchronization is in use
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_chrony_installed
+
+ - id: 2.2.1.3
+ title: Ensure chrony is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - chronyd_run_as_chrony_user
+ - chronyd_configure_pool_and_server
+ - var_multiple_time_servers=suse
+ - var_multiple_time_pools=suse
+
+ - id: 2.2.2
+ title: Ensure X11 Server components are not installed
+ levels:
+ - l1_server
+ status: automated
+ notes: >-
+ The rule also configures correct run level to prevent unbootable system.
+ rules:
+ - package_xorg-x11-server-common_removed
+ - xwindows_remove_packages
+
+ - id: 2.2.3
+ title: Ensure Avahi Server is not installed
+ levels:
+ - l1_server
+ - l2_workstation
+ status: automated
+ rules:
+ - service_avahi-daemon_disabled
+ - package_avahi_removed
+ - package_avahi-autoipd_removed
+
+ - id: 2.2.4
+ title: Ensure CUPS is not installed
+ levels:
+ - l1_server
+ status: automated
+ rules:
+ - service_cups_disabled
+ - package_cups_removed
+
+ - id: 2.2.5
+ title: Ensure DHCP Server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_dhcp_removed
+ - package_dhcp_client_removed
+ - service_dhcpd_disabled
+
+
+ - id: 2.2.6
+ title: Ensure LDAP server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_openldap-servers_removed
+
+ - id: 2.2.7
+ title: Ensure nfs-utils is not installed or the nfs-server service is masked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_nfs_disabled
+ - package_nfs-utils_removed
+
+ - id: 2.2.8
+ title: Ensure rpcbind is not installed or the rpcbind services are masked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 2.2.9
+ title: Ensure DNS Server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_named_disabled
+ - package_bind_removed
+
+ - id: 2.2.10
+ title: Ensure FTP Server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_vsftpd_disabled
+ - package_vsftpd_removed
+
+ - id: 2.2.11
+ title: Ensure HTTP server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ Only httpd/apache2 is currently covered by this rule.
+ rules:
+ - service_httpd_disabled
+ - package_httpd_removed
+
+ - id: 2.2.12
+ title: Ensure IMAP and POP3 server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_dovecot_disabled
+ - package_dovecot_removed
+
+ - id: 2.2.13
+ title: Ensure Samba is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_smb_disabled
+ - package_samba_removed
+
+ - id: 2.2.14
+ title: Ensure HTTP Proxy Server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_squid_disabled
+ - package_squid_removed
+
+ - id: 2.2.15
+ title: Ensure net-snmp is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_snmpd_disabled
+ - package_net-snmp_removed
+
+ - id: 2.2.16
+ title: Ensure mail transfer agent is configured for local-only mode
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - postfix_network_listening_disabled
+ - var_postfix_inet_interfaces=loopback-only
+
+
+ - id: 2.2.18
+ title: Ensure NIS server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_ypserv_removed
+
+ - id: 2.2.19
+ title: Ensure telnet-server is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_telnet-server_removed
+
+ - id: 2.3.1
+ title: Ensure NIS Client is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_ypbind_removed
+
+ - id: 2.3.2
+ title: Ensure rsh client is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_rsh_removed
+
+ - id: 2.3.3
+ title: Ensure talk client is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_talk_removed
+
+ - id: 2.3.4
+ title: Ensure telnet client is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_telnet_removed
+
+ - id: 2.3.5
+ title: Ensure LDAP client is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_openldap-clients_removed
+
+ - id: 2.4
+ title: Ensure nonessential services are removed or masked (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+
+ - id: 3.1.1
+ title: Disable IPv6
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - grub2_ipv6_disable_argument
+ - sysctl_net_ipv6_conf_all_disable_ipv6
+
+ - id: 3.1.2
+ title: Ensure wireless interfaces are disabled (Manual)
+ levels:
+ - l1_server
+ - l2_workstation
+ status: automated
+ notes: >-
+ the rule remediation is not exactly on par with the benchmark
+ rules:
+ - wireless_disable_interfaces
+
+ - id: 3.2.1
+ title: Ensure IP forwarding is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_ip_forward
+ - sysctl_net_ipv6_conf_all_forwarding
+ - sysctl_net_ipv6_conf_all_forwarding_value=disabled
+
+ - id: 3.2.2
+ title: Ensure packet redirect sending is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_send_redirects
+ - sysctl_net_ipv4_conf_default_send_redirects
+
+ - id: 3.3.1
+ title: Ensure source routed packets are not accepted
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_accept_source_route
+ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
+ - sysctl_net_ipv6_conf_all_accept_source_route
+ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
+ - sysctl_net_ipv6_conf_default_accept_source_route
+ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+
+ - id: 3.3.2
+ title: Ensure ICMP redirects are not accepted
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
+ - sysctl_net_ipv6_conf_all_accept_redirects
+ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
+ - sysctl_net_ipv6_conf_default_accept_redirects
+ - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
+
+ - id: 3.3.3
+ title: Ensure secure ICMP redirects are not accepted
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_secure_redirects
+ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
+ - sysctl_net_ipv4_conf_default_secure_redirects
+ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
+
+ - id: 3.3.4
+ title: Ensure suspicious packets are logged
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_log_martians
+ - sysctl_net_ipv4_conf_all_log_martians_value=enabled
+ - sysctl_net_ipv4_conf_default_log_martians
+ - sysctl_net_ipv4_conf_default_log_martians_value=enabled
+
+ - id: 3.3.5
+ title: Ensure broadcast ICMP requests are ignored
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
+
+ - id: 3.3.6
+ title: Ensure bogus ICMP responses are ignored
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
+
+ - id: 3.3.7
+ title: Ensure Reverse Path Filtering is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_conf_all_rp_filter
+ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled
+ - sysctl_net_ipv4_conf_default_rp_filter
+ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled
+
+ - id: 3.3.8
+ title: Ensure TCP SYN Cookies is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv4_tcp_syncookies
+ - sysctl_net_ipv4_tcp_syncookies_value=enabled
+
+ - id: 3.3.9
+ title: Ensure IPv6 router advertisements are not accepted
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sysctl_net_ipv6_conf_all_accept_ra
+ - sysctl_net_ipv6_conf_all_accept_ra_value=disabled
+ - sysctl_net_ipv6_conf_default_accept_ra
+ - sysctl_net_ipv6_conf_default_accept_ra_value=disabled
+
+ - id: 3.4.1
+ title: Ensure DCCP is disabled
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - kernel_module_dccp_disabled
+
+ - id: 3.4.2
+ title: Ensure SCTP is disabled
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - kernel_module_sctp_disabled
+
+ - id: 3.5.1.1
+ title: Ensure FirewallD is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_firewalld_installed
+
+ - id: 3.5.1.2
+ title: Ensure nftables is not installed or stopped and masked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_nftables_removed
+ - service_nftables_disabled
+
+ - id: 3.5.1.3
+ title: Ensure firewalld service is enabled and running
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_firewalld_enabled
+
+ - id: 3.5.1.4
+ title: Ensure default zone is set
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - set_firewalld_default_zone
+
+ - id: 3.5.1.5
+ title: Ensure network interfaces are assigned to appropriate zone (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - set_firewalld_appropriate_zone
+
+ - id: 3.5.1.6
+ title: Ensure unnecessary services and ports are not accepted (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - unnecessary_firewalld_services_ports_disabled
+
+ - id: 3.5.2.1
+ title: Ensure nftables is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_nftables_installed
+ - firewalld-backend
+
+ - id: 3.5.2.2
+ title: Ensure firewalld is not installed or stopped and masked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_firewalld_removed
+ - service_firewalld_disabled
+
+ - id: 3.5.2.3
+ title: Ensure iptables are flushed (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - ensure_iptables_are_flushed
+
+ - id: 3.5.2.4
+ title: Ensure a table exists
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ notes:
+ The audit (OVAL check) cannot be automated,
+ and should be addressed manually.
+ rules:
+ - set_nftables_table
+ - var_nftables_family=inet
+ - var_nftables_table=filter
+
+ - id: 3.5.2.5
+ title: Ensure base chains exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - set_nftables_base_chain
+ - var_nftables_table=filter
+ - var_nftables_family=inet
+ - var_nftables_base_chain_names=chain_names
+ - var_nftables_base_chain_types=chain_types
+ - var_nftables_base_chain_hooks=chain_hooks
+ - var_nftables_base_chain_priorities=chain_priorities
+ - var_nftables_base_chain_policies=chain_policies
+
+
+ - id: 3.5.2.6
+ title: Ensure loopback traffic is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ rules:
+ - set_nftables_loopback_traffic
+
+ - id: 3.5.2.7
+ title: Ensure outbound and established connections are configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ notes: >-
+ The control cannot be automated,
+ and should be addressed manually.
+ rules:
+ - set_nftables_new_connections
+
+ - id: 3.5.2.8
+ title: Ensure default deny firewall policy
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - var_nftables_master_config_file=sysconfig
+ - nftables_ensure_default_deny_policy
+
+ - id: 3.5.2.9
+ title: Ensure nftables service is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - service_nftables_enabled
+
+ - id: 3.5.2.10
+ title: Ensure nftables rules are permanent
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - var_nftables_master_config_file=sysconfig
+ - nftables_rules_permanent
+
+ - id: 3.5.3.1.1
+ title: Ensure iptables package is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_iptables_installed
+ - service_iptables_enabled
+
+ - id: 3.5.3.1.2
+ title: Ensure nftables is not installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual # rule is missing
+
+ - id: 3.5.3.1.3
+ title: Ensure firewalld is not installed or stopped and masked
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - package_firewalld_removed
+ - service_firewalld_disabled
+
+ - id: 3.5.3.2.1
+ title: Ensure default deny firewall policy
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ OUTPUT Chain not covered by this rule
+ rules:
+ - set_iptables_default_rule
+ - set_iptables_default_rule_forward
+
+ - id: 3.5.3.2.2
+ title: Ensure loopback traffic is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - set_loopback_traffic
+
+ - id: 3.5.3.2.3
+ title: Ensure outbound and established connections are configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ rules:
+ - set_iptables_outbound_n_established
+
+ - id: 3.5.3.2.4
+ title: Ensure firewall rules exist for all open ports
+ levels:
+ - l1_server
+ - l1_workstation
+ status: partial
+ rules:
+ - ensure_firewall_rules_for_open_ports
+
+ - id: 3.5.3.3.1
+ title: Ensure IPv6 default deny firewall policy
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ FORWARD and OUTPUT Chain not covered by this rule
+ rules:
+ - set_ip6tables_default_rule
+
+ - id: 3.5.3.3.2
+ title: Ensure IPv6 loopback traffic is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - set_ipv6_loopback_traffic
+
+ - id: 3.5.3.3.3
+ title: Ensure IPv6 outbound and established connections are configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ rules:
+ - set_iptables_outbound_n_established
+
+ - id: 3.5.3.3.4
+ title: Ensure IPv6 firewall rules exist for all open ports (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual # rule missing
+
+ - id: 4.1.1.1
+ title: Ensure auditd is installed
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - package_audit_installed
+ - package_audit-libs_installed
+
+ - id: 4.1.1.2
+ title: Ensure auditd service is enabled and running
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - service_auditd_enabled
+
+ - id: 4.1.1.3
+ title: Ensure auditing for processes that start prior to auditd is enabled
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - grub2_audit_argument
+
+ - id: 4.1.2.1
+ title: Ensure audit log storage size is configured
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - auditd_data_retention_max_log_file
+ - var_auditd_max_log_file=6
+
+ - id: 4.1.2.2
+ title: Ensure audit logs are not automatically deleted
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - auditd_data_retention_max_log_file_action
+ - var_auditd_max_log_file_action=keep_logs
+
+ - id: 4.1.2.3
+ title: Ensure system is disabled when audit logs are full
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - auditd_data_retention_space_left_action
+ - var_auditd_space_left_action=email
+ - auditd_data_retention_action_mail_acct
+ - var_auditd_action_mail_acct=root
+ - auditd_data_retention_admin_space_left_action
+ - var_auditd_admin_space_left_action=halt
+
+ - id: 4.1.2.4
+ title: Ensure audit_backlog_limit is sufficient
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ notes: >-
+ Note, that currently the value is hardcoded to 8192
+ rules:
+ - grub2_audit_backlog_limit_argument
+
+ - id: 4.1.3
+ title: Ensure events that modify date and time information are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ automated: partially # we do not have rule for clock_settime
+ rules:
+ - audit_rules_time_adjtimex
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_watch_localtime
+
+ - id: 4.1.4
+ title: Ensure events that modify user/group information are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_usergroup_modification_group
+ - audit_rules_usergroup_modification_gshadow
+ - audit_rules_usergroup_modification_opasswd
+ - audit_rules_usergroup_modification_passwd
+ - audit_rules_usergroup_modification_shadow
+
+ - id: 4.1.5
+ title: Ensure events that modify the system's network environment are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_networkconfig_modification
+
+ - id: 4.1.6
+ title: Ensure events that modify the system's Mandatory Access Controls are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_mac_modification
+ - audit_rules_mac_modification_usr_share
+
+ - id: 4.1.7
+ title: Ensure login and logout events are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_login_events_faillog
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events_tallylog
+
+ - id: 4.1.8
+ title: Ensure session initiation information is collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_session_events
+
+ - id: 4.1.9
+ title: Ensure discretionary access control permission modification events are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+
+ - id: 4.1.10
+ title: Ensure unsuccessful unauthorized file access attempts are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_unsuccessful_file_modification_ftruncate
+
+ - id: 4.1.11
+ title: Ensure use of privileged commands is collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: manual # we have audit_rules_privileged_commands, but it does not set perm=x
+ notes: >-
+ Additional rules for priviliged commands are available and can be enabled.
+ related_rules:
+ - audit_rules_privileged_commands
+
+ - id: 4.1.12
+ title: Ensure successful file system mounts are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_media_export
+
+ - id: 4.1.13
+ title: Ensure file deletion events by users are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_file_deletion_events_unlinkat
+
+ - id: 4.1.14
+ title: Ensure changes to system administration scope (sudoers) is collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_sysadmin_actions
+
+ - id: 4.1.15
+ title: Ensure system administrator actions (sudolog) are collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_sudo_log_events
+
+ - id: 4.1.16
+ title: Ensure kernel module loading and unloading is collected
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_privileged_commands_insmod
+ - audit_rules_privileged_commands_rmmod
+ - audit_rules_privileged_commands_modprobe
+ - audit_rules_kernel_module_loading_delete
+ - audit_rules_kernel_module_loading_init
+ - audit_rules_kernel_module_loading
+
+ - id: 4.1.17
+ title: Ensure the audit configuration is immutable
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - audit_rules_immutable
+
+ - id: 4.2.1.1
+ title: Ensure rsyslog is installed
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 4.2.1.2
+ title: Ensure rsyslog Service is enabled and running
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ status: pending
+ rules: []
+
+ - id: 4.2.1.3
+ title: Ensure rsyslog default file permissions configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - auditd_data_retention_space_left_percentage
+ - var_auditd_space_left_percentage=25pc
+ - auditd_data_retention_space_left_action
+ - var_auditd_space_left_action=email
+
+ - id: 4.2.1.4
+ title: Ensure logging is configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 4.2.1.5
+ title: Ensure rsyslog is configured to send logs to a remote log host
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ rules:
+ - package_systemd-journal-remote_installed
+ - service_systemd-journal-upload_enabled
+ - systemd_journal_upload_url
+ - systemd_journal_upload_server_tls
+
+ - id: 4.2.1.6
+ title: Ensure remote rsyslog messages are only accepted on designated log hosts. (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 4.2.2.1
+ title: Ensure journald is configured to send logs to rsyslog
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - journald_forward_to_syslog
+
+ - id: 4.2.2.2
+ title: Ensure journald is configured to compress large log files
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - journald_compress
+
+ - id: 4.2.2.3
+ title: Ensure journald is configured to write logfiles to persistent disk
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - journald_storage
+
+ - id: 4.2.3
+ title: Ensure permissions on all logfiles are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ rules:
+ - permissions_local_var_log
+ related_rules:
+ - file_owner_var_log
+ - file_groupowner_var_log
+ - file_permissions_var_log
+ - file_owner_var_log_messages
+ - file_groupowner_var_log_messages
+ - file_permissions_var_log
+
+ - id: 4.2.4
+ title: Ensure logrotate is configured (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ notes: >-
+ Rule configures logrotate service.
+ rules:
+ - package_logrotate_installed
+ - timer_logrotate_enabled
+ - ensure_logrotate_activated
+
+ - id: 5.1.1
+ title: Ensure cron daemon is enabled and running
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.2
+ title: Ensure permissions on /etc/crontab are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.3
+ title: Ensure permissions on /etc/cron.hourly are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.4
+ title: Ensure permissions on /etc/cron.daily are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.5
+ title: Ensure permissions on /etc/cron.weekly are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.6
+ title: Ensure permissions on /etc/cron.monthly are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.7
+ title: Ensure permissions on /etc/cron.d are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.8
+ title: Ensure cron is restricted to authorized users
+ levels:
+ - l1_server
+ - l1_workstation
+ status: pending
+ rules: []
+
+ - id: 5.1.9
+ title: Ensure at is restricted to authorized users
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_at_allow
+ - file_owner_at_allow
+ - file_permissions_at_allow
+ - file_at_deny_not_exist
+
+ - id: 5.2.1
+ title: Ensure permissions on /etc/ssh/sshd_config are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_sshd_config
+ - file_owner_sshd_config
+ - file_permissions_sshd_config
+
+ - id: 5.2.2
+ title: Ensure permissions on SSH private host key files are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ Rule is not covering User and group Ownership
+ rules:
+ - file_permissions_sshd_private_key
+
+ - id: 5.2.3
+ title: Ensure permissions on SSH public host key files are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ notes: >-
+ Rule is not covering User and group Ownership
+ rules:
+ - file_permissions_sshd_pub_key
+
+ - id: 5.2.4
+ title: Ensure SSH access is limited
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_limit_user_access
+
+ - id: 5.2.5
+ title: Ensure SSH LogLevel is appropriate
+ levels:
+ - l1_server
+ - l1_workstation
+ notes: >-
+ The default rule is configured to enforce the "verbose" log level. Use
+ tailoring to change it to "info" level.
+ status: automated
+ related_rules:
+ - sshd_set_loglevel_info
+ rules:
+ - sshd_set_loglevel_verbose
+
+ - id: 5.2.6
+ title: Ensure SSH X11 forwarding is disabled
+ levels:
+ - l2_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_disable_x11_forwarding
+
+ - id: 5.2.7
+ title: Ensure SSH MaxAuthTries is set to 4 or less
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_set_max_auth_tries
+ - sshd_max_auth_tries_value=4
+
+ - id: 5.2.8
+ title: Ensure SSH IgnoreRhosts is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_disable_rhosts
+
+ - id: 5.2.9
+ title: Ensure SSH HostbasedAuthentication is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - disable_host_auth
+
+ - id: 5.2.10
+ title: Ensure SSH root login is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_disable_root_login
+
+ - id: 5.2.11
+ title: Ensure SSH PermitEmptyPasswords is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_disable_empty_passwords
+
+ - id: 5.2.12
+ title: Ensure SSH PermitUserEnvironment is disabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_do_not_permit_user_env
+
+ - id: 5.2.13
+ title: Ensure only strong Ciphers are used
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ notes: >-
+ The rule checks for default list of ciphers provided in the benchmark.
+ rules:
+ - sshd_approved_ciphers=cis_sle15
+ - sshd_use_approved_ciphers
+ - sshd_use_strong_ciphers
+
+ - id: 5.2.14
+ title: Ensure only strong MAC algorithms are used
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ notes: >-
+ The rule checks for default list of MACs provided in the benchmark.
+ rules:
+ - sshd_approved_macs=cis_sle15
+ - sshd_use_approved_macs
+ - sshd_strong_macs=cis_sle15
+ - sshd_use_strong_macs
+
+ - id: 5.2.15
+ title: Ensure only strong Key Exchange algorithms are used
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_use_strong_kex
+ - sshd_strong_kex=cis_sle15
+
+ - id: 5.2.16
+ title: Ensure SSH Idle Timeout Interval is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_set_idle_timeout
+ - sshd_idle_timeout_value=10_minutes
+ - sshd_set_keepalive
+ - var_sshd_set_keepalive=1
+
+ - id: 5.2.17
+ title: Ensure SSH LoginGraceTime is set to one minute or less
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_set_login_grace_time
+ - var_sshd_set_login_grace_time=60
+
+ - id: 5.2.18
+ title: Ensure SSH warning banner is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_enable_warning_banner
+
+ - id: 5.2.19
+ title: Ensure SSH PAM is enabled
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_enable_pam
+
+ - id: 5.2.20
+ title: Ensure SSH AllowTcpForwarding is disabled
+ levels:
+ - l2_server
+ - l2_workstation
+ status: automated
+ rules:
+ - sshd_disable_tcp_forwarding
+
+ - id: 5.2.21
+ title: Ensure SSH MaxStartups is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_set_maxstartups
+ - var_sshd_set_maxstartups=10:30:60
+
+ - id: 5.2.22
+ title: Ensure SSH MaxSessions is limited
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - sshd_set_max_sessions
+ - var_sshd_max_sessions=10
+
+ - id: 5.3.1
+ title: Ensure password creation requirements are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - cracklib_accounts_password_pam_dcredit
+ - var_password_pam_dcredit=1
+ - cracklib_accounts_password_pam_ucredit
+ - var_password_pam_ucredit=1
+ - cracklib_accounts_password_pam_lcredit
+ - var_password_pam_lcredit=1
+ - cracklib_accounts_password_pam_ocredit
+ - var_password_pam_ocredit=1
+ - cracklib_accounts_password_pam_minlen
+ - var_password_pam_minlen=14
+ - cracklib_accounts_password_pam_retry
+ - var_password_pam_retry=3
+
+ - id: 5.3.2
+ title: Ensure lockout for failed password attempts is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_passwords_pam_tally2
+ - var_password_pam_tally2=3
+ - accounts_passwords_pam_tally2_deny_root
+ - accounts_passwords_pam_tally2_unlock_time
+ - var_accounts_passwords_pam_tally2_unlock_time=1800
+
+ - id: 5.3.3
+ title: Ensure password reuse is limited
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_password_pam_pwhistory_remember
+ - var_password_pam_remember=5
+
+ - id: 5.4.1.1
+ title: Ensure password hashing algorithm is SHA-512
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - set_password_hashing_algorithm_logindefs
+ - var_password_hashing_algorithm=SHA512
+ - accounts_password_all_shadowed_sha512
+
+ - id: 5.4.1.2
+ title: Ensure password expiration is 365 days or less
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_maximum_age_login_defs
+ - var_accounts_maximum_age_login_defs=60
+ - accounts_password_set_max_life_existing
+
+ - id: 5.4.1.3
+ title: Ensure minimum days between password changes is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_minimum_age_login_defs
+ - var_accounts_minimum_age_login_defs=1
+ - accounts_password_set_min_life_existing
+
+ - id: 5.4.1.4
+ title: Ensure password expiration warning days is 7 or more
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_password_warn_age_login_defs
+ - var_accounts_password_warn_age_login_defs=7
+ - accounts_password_set_warn_age_existing
+
+ - id: 5.4.1.5
+ title: Ensure inactive password lock is 30 days or less
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - account_disable_post_pw_expiration
+ - var_account_disable_post_pw_expiration=30
+ - accounts_set_post_pw_existing
+
+
+ - id: 5.4.1.6
+ title: Ensure all users last password change date is in the past
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially
+ rules:
+ - accounts_password_last_change_is_in_past
+
+ - id: 5.4.2
+ title: Ensure system accounts are secured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially # missing rule for locking of accounts
+ rules:
+ - no_shelllogin_for_systemaccounts
+
+ - id: 5.4.3
+ title: Ensure default group for the root account is GID 0
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_root_gid_zero
+
+ - id: 5.4.4
+ title: Ensure default user shell timeout is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially # we check only for value of tmout variable, no export or readonly and we do not check /etc/bashrc
+ rules:
+ - accounts_tmout
+ - var_accounts_tmout=15_min
+
+ - id: 5.4.5
+ title: Ensure default user umask is configured
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially # checking only for numeric umask and we do not check for user_enab in /etc/login.defs
+ rules:
+ - accounts_umask_etc_bashrc
+ - accounts_umask_etc_login_defs
+ - accounts_umask_etc_profile
+ - var_accounts_user_umask=027
+
+ - id: 5.5
+ title: Ensure root login is restricted to system console (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - no_direct_root_logins
+ - securetty_root_login_console_only
+
+ - id: 5.6
+ title: Ensure access to the su command is restricted
+ levels:
+ - l1_server
+ - l1_workstation
+ automated: partially # we check only for usage of use_uid with pam_su, not for the group
+ rules:
+ - ensure_pam_wheel_group_empty
+ - use_pam_wheel_group_for_su
+ - var_pam_wheel_group_for_su=cis
+
+ - id: 6.1.1
+ title: Audit system file permissions (Manual)
+ levels:
+ - l2_server
+ - l2_workstation
+ status: manual
+ related_rules:
+ - rpm_verify_permissions
+ - rpm_verify_ownership
+
+ - id: 6.1.2
+ title: Ensure permissions on /etc/passwd are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_passwd
+ - file_owner_etc_passwd
+ - file_permissions_etc_passwd
+ - file_permissions_etc_gshadow
+ - file_groupowner_etc_gshadow
+ - file_owner_etc_gshadow
+
+ - id: 6.1.3
+ title: Ensure permissions on /etc/shadow are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_shadow
+ - file_owner_etc_shadow
+ - file_permissions_etc_shadow
+
+ - id: 6.1.4
+ title: Ensure permissions on /etc/group are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_etc_group
+ - file_owner_etc_group
+ - file_permissions_etc_group
+
+ - id: 6.1.5
+ title: Ensure permissions on /etc/passwd- are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_backup_etc_passwd
+ - file_owner_backup_etc_passwd
+ - file_permissions_backup_etc_passwd
+ - file_permissions_backup_etc_gshadow
+ - file_groupowner_backup_etc_gshadow
+ - file_owner_backup_etc_gshadow
+
+ - id: 6.1.6
+ title: Ensure permissions on /etc/shadow- are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_backup_etc_shadow
+ - file_owner_backup_etc_shadow
+ - file_permissions_backup_etc_shadow
+
+ - id: 6.1.7
+ title: Ensure permissions on /etc/group- are configured
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_groupowner_backup_etc_group
+ - file_owner_backup_etc_group
+ - file_permissions_backup_etc_group
+
+ - id: 6.1.8
+ title: Ensure no world writable files exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_permissions_unauthorized_world_writable
+
+ - id: 6.1.9
+ title: Ensure no unowned files or directories exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - no_files_unowned_by_user
+
+ - id: 6.1.10
+ title: Ensure no ungrouped files or directories exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_permissions_ungroupowned
+
+ - id: 6.1.11
+ title: Audit SUID executables (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - file_permissions_unauthorized_suid
+
+ - id: 6.1.12
+ title: Audit SGID executables (Manual)
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - file_permissions_unauthorized_sgid
+
+ - id: 6.2.1
+ title: Ensure accounts in /etc/passwd use shadowed passwords
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_password_all_shadowed
+
+ - id: 6.2.2
+ title: Ensure /etc/shadow password fields are not empty
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - no_legacy_plus_entries_etc_passwd
+ - no_legacy_plus_entries_etc_shadow
+
+ - id: 6.2.3
+ title: Ensure root is the only UID 0 account
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_no_uid_except_zero
+
+ - id: 6.2.4
+ title: Ensure root PATH Integrity
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_root_path_dirs_no_write
+ - root_path_no_dot
+
+ - id: 6.2.5
+ title: Ensure all users' home directories exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_user_interactive_home_directory_exists
+
+ - id: 6.2.6
+ title: Ensure users' home directories permissions are 750 or more restrictive
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - file_permissions_home_directories
+ - accounts_users_home_files_permissions
+
+ - id: 6.2.7
+ title: Ensure users own their home directories
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual # rule missing checks and remediations
+ related_rules:
+ - file_ownership_home_directories
+ - file_groupownership_home_directories
+ - accounts_users_home_files_ownership
+ - accounts_users_home_files_groupownership
+
+ - id: 6.2.8
+ title: Ensure users' dot files are not group or world writable
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual
+ related_rules:
+ - accounts_user_dot_no_world_writable_programs
+ - accounts_user_dot_group_ownership
+ - accounts_user_dot_user_ownership
+
+ - id: 6.2.9
+ title: Ensure no users have .forward files
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - no_forward_files
+
+ - id: 6.2.10
+ title: Ensure no users have .netrc files
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - no_netrc_files
+
+ - id: 6.2.11
+ title: Ensure users' .netrc Files are not group or world accessible
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - accounts_users_netrc_file_permissions
+
+ - id: 6.2.12
+ title: Ensure no users have .rhosts files
+ levels:
+ - l1_server
+ - l1_workstation
+ status: manual # we have a rule but it removes additionally /etc/hosts.equiv
+ related_rules:
+ - no_rsh_trust_files
+
+ - id: 6.2.13
+ title: Ensure all groups in /etc/passwd exist in /etc/group
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - gid_passwd_group_same
+
+ - id: 6.2.14
+ title: Ensure no duplicate UIDs exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - account_unique_id
+
+ - id: 6.2.15
+ title: Ensure no duplicate GIDs exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - group_unique_id
+
+ - id: 6.2.16
+ title: Ensure no duplicate user names exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - account_unique_name
+
+ - id: 6.2.17
+ title: Ensure no duplicate group names exist
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - group_unique_name
+
+ - id: 6.2.18
+ title: Ensure shadow group is empty
+ levels:
+ - l1_server
+ - l1_workstation
+ status: automated
+ rules:
+ - ensure_shadow_group_empty
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index e6bebd450ae..21a6d25d662 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -36,11 +36,13 @@ identifiers:
 cce@rhel10: CCE-90466-4
 cce@sle12: CCE-83106-5
 cce@sle15: CCE-85693-0
+ cce@slmicro5: CCE-93862-1

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index cf3b21bf670..c305be5d4db 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -36,11 +36,13 @@ identifiers:
 cce@rhel10: CCE-89540-9
 cce@sle12: CCE-83137-0
 cce@sle15: CCE-85690-6
+ cce@slmicro5: CCE-93861-3

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index a7f46731e0b..ba44cd4cecc 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -39,6 +39,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index b3364fc804c..c89f9952e88 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
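Review bot: No `cce@slmicro5` identifier accompanies the `cis@slmicro5: 4.1.9` reference added in the audit_rules_dac_modification_fchmod hunk, while the sibling chmod, chown and fchmodat hunks add both; the fremovexattr and lchown hunks have the same shape. The identifiers block of these three files lies outside the hunks, so the entry may already be present from earlier work. If it is not, each needs a line of the form `cce@slmicro5: CCE-XXXXX-X` (placeholder, to be taken from the project's pool of unassigned CCEs) so that every rule selected by control 4.1.9 can be traced by identifier in scan results for this product.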
@@ -33,11 +33,13 @@ identifiers:
 cce@rhel10: CCE-89356-0
 cce@sle12: CCE-83132-1
 cce@sle15: CCE-85695-5
+ cce@slmicro5: CCE-93860-5

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 7c5693c1685..56ec0034dd9 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -36,11 +36,13 @@ identifiers:
 cce@rhel10: CCE-90685-9
 cce@sle12: CCE-83136-2
 cce@sle15: CCE-85721-9
+ cce@slmicro5: CCE-93859-7

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 737e93b2ce7..4da5306ebba 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -33,11 +33,13 @@ identifiers:
 cce@rhel10: CCE-90651-1
 cce@sle12: CCE-83134-7
 cce@sle15: CCE-85692-2
+ cce@slmicro5: CCE-93858-9

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 2f100463bcc..a7daeb46d12 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -56,6 +56,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index d61618227ae..a125228d24d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -45,11 +45,13 @@ identifiers:
 cce@rhel10: CCE-89370-1
 cce@sle12: CCE-83141-2
 cce@sle15: CCE-85688-0
+ cce@slmicro5: CCE-93857-1

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 9ea9c6daec8..9b93a4f4aac 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -42,6 +42,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index 680e6738070..b2f9e889c8c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -50,11 +50,13 @@ identifiers:
 cce@rhel10: CCE-90100-9
 cce@sle12: CCE-83139-6
 cce@sle15: CCE-85685-6
+ cce@slmicro5: CCE-93856-3

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index ec9986acf70..137460aa7e5 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -45,11 +45,13 @@ identifiers:
 cce@rhel10: CCE-88052-6
 cce@sle12: CCE-83256-8
 cce@sle15: CCE-85689-8
+ cce@slmicro5: CCE-93855-5

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index c9f5d616778..c9ff7a85844 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -49,11 +49,13 @@ identifiers:
 cce@rhel10: CCE-89677-9
 cce@sle12: CCE-83140-4
 cce@sle15: CCE-85684-9
+ cce@slmicro5: CCE-93854-8

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 23641d3103b..7c8e3b12281 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -45,11 +45,13 @@ identifiers:
 cce@rhel10: CCE-89571-4
 cce@sle12: CCE-83142-0
 cce@sle15: CCE-85687-2
+ cce@slmicro5: CCE-93853-0

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.9
 cis@sle15: 4.1.9
+ cis@slmicro5: 4.1.9
 cis@ubuntu2004: 4.1.9
 cis@ubuntu2204: 4.1.3.9
 cjis: 5.4.1.1
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 34a2c9e894d..3b9508a7406 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -33,11 +33,13 @@ identifiers:
 cce@rhel10: CCE-90733-7
 cce@sle12: CCE-91606-4
 cce@sle15: CCE-85768-0
+ cce@slmicro5: CCE-93852-2

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.13
 cis@sle15: 4.1.13
+ cis@slmicro5: 4.1.13
 cis@ubuntu2004: 4.1.13
 cis@ubuntu2204: 4.1.3.13
 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index effea5c0582..1de04810004 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -30,11 +30,13 @@ identifiers:
 cce@rhel10: CCE-90237-9
 cce@sle12: CCE-91607-2
 cce@sle15: CCE-85769-8
+ cce@slmicro5: CCE-93851-4

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.13
 cis@sle15: 4.1.13
+ cis@slmicro5: 4.1.13
 cis@ubuntu2004: 4.1.13
 cis@ubuntu2204: 4.1.3.13
 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index dd8371ba2a5..5ace03a608e 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -33,11 +33,13 @@ identifiers:
 cce@rhel10: CCE-86737-4
 cce@sle12: CCE-91609-8
 cce@sle15: CCE-85771-4
+ cce@slmicro5: CCE-93849-8

 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 cis@sle12: 4.1.13
 cis@sle15: 4.1.13
+ cis@slmicro5: 4.1.13
 cis@ubuntu2004: 4.1.13
 cis@ubuntu2204: 4.1.3.13
 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index f871dd645c7..6d609b2eb35 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -30,11 +30,13 @@ identifiers: cce@rhel10: CCE-87813-2 cce@sle12: CCE-91610-6 cce@sle15: CCE-85772-2 + cce@slmicro5: CCE-93850-6 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.13 cis@sle15: 4.1.13 + cis@slmicro5: 4.1.13 cis@ubuntu2004: 4.1.13 cis@ubuntu2204: 4.1.3.13 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml index 3835b0f98c0..17327ac3a49 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml @@ -40,6 +40,7 @@ identifiers: cce@rhel10: CCE-87250-7 cce@sle12: CCE-91652-8 cce@sle15: CCE-91246-9 + cce@slmicro5: CCE-93846-4 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 @@ -72,4 +73,3 @@ warnings:
  • audit_rules_unsuccessful_file_modification_ftruncate
  • audit_rules_unsuccessful_file_modification_creat
  • - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml index 1146fe8fd22..54002d24977 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml @@ -41,11 +41,13 @@ identifiers: cce@rhel10: CCE-87052-7 cce@sle12: CCE-83092-7 cce@sle15: CCE-85681-5 + cce@slmicro5: CCE-93848-0 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 + cis@slmicro5: 4.1.10 cis@ubuntu2004: 4.1.10 cis@ubuntu2204: 4.1.3.7 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml index 401a76aa762..34bc88541a4 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml 
@@ -41,11 +41,13 @@ identifiers: cce@rhel10: CCE-86729-1 cce@sle12: CCE-83091-9 cce@sle15: CCE-85696-3 + cce@slmicro5: CCE-93847-2 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 + cis@slmicro5: 4.1.10 cis@ubuntu2004: 4.1.10 cis@ubuntu2204: 4.1.3.7 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml index 5f27a832ed4..6bf71d78ae6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml @@ -41,11 +41,13 @@ identifiers: cce@rhel10: CCE-89291-9 cce@sle12: CCE-83093-5 cce@sle15: CCE-85682-3 + cce@slmicro5: CCE-93845-6 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 + cis@slmicro5: 4.1.10 cis@ubuntu2004: 4.1.10 cis@ubuntu2204: 4.1.3.7 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml index 5671f0af5ea..1cc55c41cb5 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml @@ -41,11 +41,13 @@ identifiers: cce@rhel10: CCE-89869-2 cce@sle12: CCE-83085-1 cce@sle15: CCE-85608-8 + cce@slmicro5: CCE-93844-9 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.10 cis@sle15: 4.1.10 + cis@slmicro5: 4.1.10 cis@ubuntu2004: 4.1.10 cis@ubuntu2204: 4.1.3.7 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml index 590a5ff6b02..8c991a6a9db 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml index 8496dab6d00..fe0e3b9f80c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml @@ -30,11 +30,13 @@ identifiers: cce@rhel10: CCE-89198-6 cce@sle12: CCE-91653-6 cce@sle15: CCE-91247-7 + cce@slmicro5: CCE-93843-1 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cjis: 5.4.1.1 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 cui: 3.1.7 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml index 1fc076fe8c9..112f91278bb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml 
@@ -39,6 +39,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cis@ubuntu2004: 4.1.16 cis@ubuntu2204: 4.1.3.19 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml index 73a9f1dff21..739bfff4113 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian +# platform = multi_platform_debian,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # complexity = low # disruption = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml index aa51a41ce54..58cd30b2fd1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml 
@@ -33,11 +33,13 @@ identifiers: cce@rhel10: CCE-90172-8 cce@sle12: CCE-83130-5 cce@sle15: CCE-85750-8 + cce@slmicro5: CCE-93842-3 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cis@ubuntu2004: 4.1.16 cis@ubuntu2204: 4.1.3.19 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml index 382ad45da71..913e24caa15 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillog/rule.yml @@ -26,10 +26,12 @@ severity: medium identifiers: cce@sle12: CCE-83192-5 cce@sle15: CCE-92576-8 + cce@slmicro5: CCE-93841-5 references: cis@sle12: 4.1.7 cis@sle15: 4.1.7 + cis@slmicro5: 4.1.7 cis@ubuntu2004: 4.1.7 disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a) diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index 740f309db34..ee68421a4e9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml 
@@ -36,6 +36,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.7 cis@sle15: 4.1.7 + cis@slmicro5: 4.1.7 cis@ubuntu2004: 4.1.7 cis@ubuntu2204: 4.1.3.12 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml index 35a5f326c68..64264b44fb2 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml @@ -36,6 +36,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.7 cis@sle15: 4.1.7 + cis@slmicro5: 4.1.7 cis@ubuntu2004: 4.1.7 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 cui: 3.1.7 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml index fea137f84a1..8eaee6efc55 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml 
@@ -35,6 +35,7 @@ identifiers: references: cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cis@ubuntu2004: 4.1.16 cis@ubuntu2204: 4.1.3.19 disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 @@ -52,4 +53,3 @@ ocil: |- If the system is configured to audit the execution of the module management program "insmod", the command will return a line. - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml index 1e2010d986f..5690464e115 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml @@ -39,6 +39,7 @@ identifiers: references: cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cis@ubuntu2004: 4.1.16 cis@ubuntu2204: 4.1.3.19 disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 @@ -58,4 +59,3 @@ ocil: |- -w /sbin/modprobe -p x -k modules It should return a relevant line in the audit rules. - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml index ac2680302d0..5d25a27993c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml @@ -35,6 +35,7 @@ identifiers: references: cis@sle12: 4.1.16 cis@sle15: 4.1.16 + cis@slmicro5: 4.1.16 cis@ubuntu2004: 4.1.16 cis@ubuntu2204: 4.1.3.19 disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 
@@ -52,4 +53,3 @@ ocil: |- If the system is configured to audit the execution of the module management program "rmmod", the command will return a line. - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml index 1eae30fa795..3e5198685d1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml @@ -31,11 +31,13 @@ identifiers: cce@rhel10: CCE-89816-3 cce@sle12: CCE-91554-6 cce@sle15: CCE-85831-6 + cce@slmicro5: CCE-93869-6 references: cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 cis@sle12: 4.1.17 cis@sle15: 4.1.17 + cis@slmicro5: 4.1.17 cis@ubuntu2004: 4.1.17 cis@ubuntu2204: 4.1.3.20 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml index e55119fd117..612b3d5d398 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh index 79440e79b9b..67a97f3b3cc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh 
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml index 0049d293064..0fd1441c3cb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-87320-8 cce@sle12: CCE-91601-5 cce@sle15: CCE-85830-8 + cce@slmicro5: CCE-93868-8 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.6 cis@sle15: 4.1.6 + cis@slmicro5: 4.1.6 cis@ubuntu2204: 4.1.3.14 cjis: 5.4.1.1 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 @@ -53,4 +55,3 @@ ocil: |- If the system is configured to watch for changes to its SELinux configuration, a line should be returned (including perm=wa indicating permissions that are watched). - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml index 496670fadfa..db0071c35d1 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh index b61368c0c58..72593e9e7c9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/usr/share/selinux/", "wa", "MAC-policy") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml index de38f3e7682..8ebc2dc845f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/rule.yml 
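Review bot: The new platform header in audit_rules_mac_modification_usr_share/bash/shared.sh has a doubled comma, `multi_platform_sle,,multi_platform_slmicro`, which leaves an empty entry in the list. Depending on how the build splits this header, that yields either an empty platform name or a parse failure, so the bash remediation for the /usr/share/selinux/ watch may not be applied as intended. The segment should read `multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu`. The ansible/shared.yml hunk for the same rule has the list written correctly.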
@@ -26,10 +26,12 @@ identifiers: cce@rhel10: CCE-88117-7 cce@sle12: CCE-92400-1 cce@sle15: CCE-92515-6 + cce@slmicro5: CCE-93867-0 references: cis@sle12: 4.1.6 cis@sle15: 4.1.6 + cis@slmicro5: 4.1.6 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 cui: 3.1.8 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e) diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml index 766663e81fd..96a0fd18186 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml @@ -37,6 +37,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.12 cis@sle15: 4.1.12 + cis@slmicro5: 4.1.12 cis@ubuntu2204: 4.1.3.10 cjis: 5.4.1.1 cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml index fb56e55508c..aca23988287 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml 
@@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian +# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot =false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh index 1e040de0584..37415dbcbb1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +# platform = Red Hat Virtualization 4,multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml index a377f40339b..6d040af6d46 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/rule.yml 
@@ -47,11 +47,13 @@ identifiers: cce@rhel10: CCE-87775-3 cce@sle12: CCE-91602-3 cce@sle15: CCE-85828-2 + cce@slmicro5: CCE-93866-2 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.5 cis@sle15: 4.1.5 + cis@slmicro5: 4.1.5 cis@ubuntu2004: 4.1.5 cis@ubuntu2204: 4.1.3.5 cjis: 5.4.1.1 @@ -77,4 +79,3 @@ ocil: |- {{% endif %}} If the system is configured to watch for network configuration changes, a line should be returned for each file specified (and perm=wa should be indicated for each). - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml index 58be87f4b54..38393203909 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian +# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh index bd42cc0f1b7..4a5850483cf 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh 
@@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +# platform = Red Hat Virtualization 4,multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicor,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml index b8dad7b568c..9fb177a5af9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/rule.yml @@ -33,11 +33,13 @@ identifiers: cce@rhel10: CCE-89323-0 cce@sle12: CCE-91603-1 cce@sle15: CCE-85829-0 + cce@slmicro5: CCE-93865-4 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.8 cis@sle15: 4.1.8 + cis@slmicro5: 4.1.8 cis@ubuntu2004: 4.1.8 cis@ubuntu2204: 4.1.3.11 cjis: 5.4.1.1 @@ -52,4 +54,3 @@ references: nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4 pcidss: Req-10.2.3 srg: SRG-APP-000505-CTR-001285 - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml index 9d693f53480..27acb0fcf5c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml 
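Review bot: The new platform header in audit_rules_session_events/bash/shared.sh spells the product as `multi_platform_slmicor`; every other hunk in this commit uses `multi_platform_slmicro`. If platform names are matched literally, the bash remediation for the session-event watch rules (the `/var/run/utmp` watch visible here) would presumably not be generated for SLE Micro. The rule.yml and ansible/shared.yml hunks for the same rule do enable it there, so a scan could report the finding with no bash fix available. The entry should read `multi_platform_slmicro`.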
@@ -35,6 +35,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.14 cis@sle15: 4.1.14 + cis@slmicro5: 4.1.14 cis@ubuntu2004: 4.1.14 cis@ubuntu2204: 4.1.3.1 cjis: 5.4.1.1 @@ -58,4 +59,3 @@ ocil_clause: 'there is not output' ocil: |- To verify that auditing is configured for system administrator actions, run the following command:
    $ sudo auditctl -l | grep "watch=/etc/sudoers\|watch=/etc/sudoers.d\|-w /etc/sudoers\|-w /etc/sudoers.d"
    - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 9bb644fb7f0..23b6aa5111b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -39,6 +39,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 + cis@slmicro5: 4.1.4 cis@ubuntu2004: 4.1.4 cis@ubuntu2204: 4.1.3.8 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index 61e7ce7bec4..66e53dab50c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -33,11 +33,13 @@ identifiers: cce@rhel10: CCE-87736-5 cce@sle12: CCE-83095-0 cce@sle15: CCE-85580-9 + cce@slmicro5: CCE-93864-7 references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 + cis@slmicro5: 4.1.4 cis@ubuntu2004: 4.1.4 cis@ubuntu2204: 4.1.3.8 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index 5a62a050ca1..f7693461560 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml 
@@ -39,6 +39,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 + cis@slmicro5: 4.1.4 cis@ubuntu2004: 4.1.4 cis@ubuntu2204: 4.1.3.8 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index adb4bfb33bc..45030b4f9de 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -39,6 +39,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 + cis@slmicro5: 4.1.4 cis@ubuntu2004: 4.1.4 cis@ubuntu2204: 4.1.3.8 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index 10c1feb90cf..01ff15bf617 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -39,6 +39,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.4 cis@sle15: 4.1.4 + cis@slmicro5: 4.1.4 cis@ubuntu2004: 4.1.4 cis@ubuntu2204: 4.1.3.8 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml index 7e70f98a940..df6f67eab9b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml 
@@ -42,10 +42,12 @@ identifiers: cce@rhel10: CCE-89542-5 cce@sle12: CCE-92355-7 cce@sle15: CCE-92551-1 + cce@slmicro5: CCE-93863-9 references: cis@sle12: 4.1.15 cis@sle15: 4.1.15 + cis@slmicro5: 4.1.15 cis@ubuntu2204: 4.1.3.3 disa: CCI-000172,CCI-002884 pcidss: Req-10.2.2,Req-10.2.5.b diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh index 24b4da6b694..d62a2a1359b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +# platform = Red Hat Virtualization 4,multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml index 9f15b3154ab..69157e03687 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/rule.yml @@ -37,11 +37,13 @@ identifiers: cce@rhel10: CCE-87633-4 cce@sle12: CCE-91612-2 cce@sle15: CCE-85814-2 + cce@slmicro5: CCE-93840-7 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.3 cis@sle15: 4.1.3 + cis@slmicro5: 4.1.3 cis@ubuntu2004: 4.1.3 cis@ubuntu2204: 4.1.3.4 cjis: 5.4.1.1 
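Review bot: In audit_rules_time_adjtimex/bash/shared.sh the `# platform =` line is re-sorted as well as extended: `multi_platform_debian` moves from the end of the list to directly after `Red Hat Virtualization 4`. The sibling audit_rules_time_watch_localtime/bash/shared.sh in this same commit keeps `multi_platform_debian` last and only inserts `multi_platform_slmicro`. Mixing a reorder into a one-entry addition makes it harder to confirm that no platform was dropped from the list this audit remediation applies to. I would keep the original order here, ending in `multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian`, and do any sorting of the shared.sh platform lines in a separate commit.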
@@ -59,4 +61,3 @@ references: ocil_clause: 'the system is not configured to audit time changes' {{{ complete_ocil_entry_audit_syscall(syscall="adjtimex") }}} - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh index b7f44ab38d4..e9f56e65ac6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml index fc50e54bcfc..99bf9f813c7 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/rule.yml @@ -37,11 +37,13 @@ identifiers: cce@rhel10: CCE-90548-9 cce@sle12: CCE-91614-8 cce@sle15: CCE-85813-4 + cce@slmicro5: CCE-93839-9 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.3 cis@sle15: 4.1.3 + cis@slmicro5: 4.1.3 cis@ubuntu2004: 4.1.3 cis@ubuntu2204: 4.1.3.4 cjis: 5.4.1.1 @@ -59,4 +61,3 @@ references: ocil_clause: 'the system is not configured to audit time changes' {{{ complete_ocil_entry_audit_syscall(syscall="settimeofday") }}} - 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh index b7f44ab38d4..e9f56e65ac6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml index 9835e4027eb..f08ec50472f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/rule.yml @@ -44,11 +44,13 @@ identifiers: cce@rhel10: CCE-89077-2 cce@sle12: CCE-91615-5 cce@sle15: CCE-85815-9 + cce@slmicro5: CCE-93838-1 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.3 cis@sle15: 4.1.3 + cis@slmicro5: 4.1.3 cis@ubuntu2004: 4.1.3 cis@ubuntu2204: 4.1.3.4 cjis: 5.4.1.1 @@ -69,4 +71,3 @@ ocil: |- If the system is not configured to audit time changes, this is a finding. If the system is 64-bit only, this is not applicable
    {{{ complete_ocil_entry_audit_syscall(syscall="stime") }}} - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh index 0899dcdeddf..58ecd21edf6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml index 9f7805962a4..429964e20ef 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/rule.yml @@ -31,11 +31,13 @@ identifiers: cce@rhel10: CCE-89928-6 cce@sle12: CCE-91616-3 cce@sle15: CCE-85812-6 + cce@slmicro5: CCE-93837-3 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.3 cis@sle15: 4.1.3 + cis@slmicro5: 4.1.3 cis@ubuntu2004: 4.1.3 cis@ubuntu2204: 4.1.3.4 cjis: 5.4.1.1 @@ -58,4 +60,3 @@ ocil: |- command:
    $ sudo auditctl -l | grep "watch=/etc/localtime"
    If the system is configured to audit this activity, it will return a line. - diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml index 51659161209..ea6b13852e3 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml @@ -28,6 +28,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 cis@sle12: 4.1.2.3 cis@sle15: 4.1.2.3 + cis@slmicro5: 4.1.2.3 cis@ubuntu2004: 4.1.2.3 cis@ubuntu2204: 4.1.2.3 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml index 49efdc91812..c559b41776b 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh index f377a92ddfc..c68ca033c2d 100644 
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml index 500abf25777..fa8625e972c 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/rule.yml @@ -29,11 +29,13 @@ identifiers: cce@rhel10: CCE-89040-0 cce@sle12: CCE-91618-9 cce@sle15: CCE-85824-1 + cce@slmicro5: CCE-93836-5 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 cis@sle12: 4.1.2.3 cis@sle15: 4.1.2.3 + cis@slmicro5: 4.1.2.3 cis@ubuntu2004: 4.1.2.3 cis@ubuntu2204: 4.1.2.3 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh index 8a53bf8475b..7490e71dcf8 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh 
@@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml index 4d6d7967dae..06a870835f1 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/rule.yml @@ -26,11 +26,13 @@ identifiers: cce@rhel10: CCE-89263-8 cce@sle12: CCE-91619-7 cce@sle15: CCE-85825-8 + cce@slmicro5: CCE-93835-7 references: cis-csc: 1,11,12,13,14,15,16,19,3,4,5,6,7,8 cis@sle12: 4.1.2.1 cis@sle15: 4.1.2.1 + cis@slmicro5: 4.1.2.1 cis@ubuntu2004: 4.1.2.1 cis@ubuntu2204: 4.1.2.1 cjis: 5.4.1.1 @@ -50,4 +52,3 @@ ocil: |- determine how much data the system will retain in each audit log file: $ sudo grep max_log_file /etc/audit/auditd.conf
    max_log_file = 6
    - diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml index 69ae3cb8950..032c2030256 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh index 5007f965f81..df13ef1f216 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} 
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml index eb5280dbc31..870f5254980 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml @@ -35,11 +35,13 @@ identifiers: cce@rhel10: CCE-86674-9 cce@sle12: CCE-91620-5 cce@sle15: CCE-85778-9 + cce@slmicro5: CCE-93834-0 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 cis@sle12: 4.1.2.2 cis@sle15: 4.1.2.2 + cis@slmicro5: 4.1.2.2 cis@ubuntu2004: 4.1.2.2 cis@ubuntu2204: 4.1.2.2 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml index 1956706cf84..30931a5e26e 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml @@ -41,6 +41,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 cis@sle12: 4.1.2.3 cis@sle15: 4.1.2.3 + cis@slmicro5: 4.1.2.3 cis@ubuntu2004: 4.1.2.3 cis@ubuntu2204: 4.1.2.3 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/auditing/grub2_audit_argument/rule.yml index c299d690b9b..e53a46352b3 100644 --- a/linux_os/guide/auditing/grub2_audit_argument/rule.yml +++ b/linux_os/guide/auditing/grub2_audit_argument/rule.yml 
@@ -23,11 +23,13 @@ identifiers: cce@rhel10: CCE-88376-9 cce@sle12: CCE-91553-8 cce@sle15: CCE-85832-4 + cce@slmicro5: CCE-93871-2 references: cis-csc: 1,11,12,13,14,15,16,19,3,4,5,6,7,8 cis@sle12: 4.1.1.3 cis@sle15: 4.1.1.3 + cis@slmicro5: 4.1.1.3 cis@ubuntu2004: 4.1.1.3 cis@ubuntu2204: 4.1.1.3 cjis: 5.4.1.1 diff --git a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml index 29aa7f9adf7..3caeb9ae793 100644 --- a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml +++ b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml @@ -23,10 +23,12 @@ identifiers: cce@rhel10: CCE-88192-0 cce@sle12: CCE-92254-2 cce@sle15: CCE-91374-9 + cce@slmicro5: CCE-93870-4 references: cis@sle12: 4.1.2.4 cis@sle15: 4.1.2.4 + cis@slmicro5: 4.1.2.4 cis@ubuntu2004: 4.1.1.4 cis@ubuntu2204: 4.1.1.4 disa: CCI-001849,CCI-001464 diff --git a/linux_os/guide/auditing/package_audit-libs_installed/rule.yml b/linux_os/guide/auditing/package_audit-libs_installed/rule.yml index 98b760529fa..80c6891efbd 100644 --- a/linux_os/guide/auditing/package_audit-libs_installed/rule.yml +++ b/linux_os/guide/auditing/package_audit-libs_installed/rule.yml @@ -20,10 +20,12 @@ identifiers: cce@rhel10: CCE-90611-5 cce@sle12: CCE-92320-1 cce@sle15: CCE-92478-7 + cce@slmicro5: CCE-93872-0 references: cis@sle12: 4.1.1.1 cis@sle15: 4.1.1.1 + cis@slmicro5: 4.1.1.1 disa: CCI-000130,CCI-000131,CCI-000132,CCI-000133,CCI-000134,CCI-000135,CCI-000154,CCI-000158,CCI-000172,CCI-001464,CCI-001487,CCI-003938,CCI-001875,CCI-001876,CCI-001877,CCI-001878,CCI-001879,CCI-001880,CCI-001881,CCI-001882,CCI-001889,CCI-001914,CCI-002884,CCI-000169 nerc-cip: CIP-004-6 R3.3,CIP-007-3 R6.5 nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a) 
@@ -33,7 +35,7 @@ references: ocil_clause: 'the {{{ package_name }}} package is not installed' -{{% if product in ["sle12","sle15"] %}} +{{% if product in ["sle12","sle15","slmicro5"] %}} ocil: '{{{ ocil_package("libaudit1") }}}' {{% else %}} ocil: '{{{ ocil_package("audit-libs") }}}' @@ -41,7 +43,7 @@ ocil: '{{{ ocil_package("audit-libs") }}}' fixtext: |- Install the {{{ package_name }}} package (if {{{ package_name }}} package is not already installed) with the following command: -{{% if product in ["sle12","sle15"] %}} +{{% if product in ["sle12","sle15","slmicro5"] %}} {{{ package_install("libaudit1") }}} {{% else %}} {{{ package_install("audit-libs") }}} @@ -52,3 +54,4 @@ template: vars: pkgname: audit-libs pkgname@sle15: libaudit1 + pkgname@slmicro5: libaudit1 diff --git a/linux_os/guide/auditing/package_audit_installed/rule.yml b/linux_os/guide/auditing/package_audit_installed/rule.yml index 466f246e1de..12c7f3661e5 100644 --- a/linux_os/guide/auditing/package_audit_installed/rule.yml +++ b/linux_os/guide/auditing/package_audit_installed/rule.yml @@ -20,6 +20,7 @@ identifiers: references: cis@sle12: 4.1.1.1 cis@sle15: 4.1.1.1 + cis@slmicro5: 4.1.1.1 cis@ubuntu2004: 4.1.1.1 cis@ubuntu2204: 4.1.1.1 disa: CCI-000133,CCI-001881,CCI-001875,CCI-000154,CCI-001882,CCI-000158,CCI-001914,CCI-000169,CCI-001464,CCI-001878,CCI-001877,CCI-001889,CCI-000135,CCI-002884,CCI-001487,CCI-003938,CCI-000132,CCI-000134,CCI-000172,CCI-000130,CCI-000131,CCI-001879,CCI-001880,CCI-001876,CCI-000159 diff --git a/linux_os/guide/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/auditing/service_auditd_enabled/rule.yml index 855978657dc..13272cb0489 100644 --- a/linux_os/guide/auditing/service_auditd_enabled/rule.yml +++ b/linux_os/guide/auditing/service_auditd_enabled/rule.yml @@ -36,6 +36,7 @@ references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9 cis@sle12: 4.1.1.2 cis@sle15: 4.1.1.2 + cis@slmicro5: 4.1.1.2 cis@ubuntu2004: 4.1.1.2 cis@ubuntu2204: 4.1.1.2 cjis: 5.4.1.1 
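Review bot: In package_audit-libs_installed/rule.yml the SUSE package name `libaudit1` is now selected in three places that have to agree: the two `{{% if product in ["sle12","sle15","slmicro5"] %}}` conditionals for `ocil` and `fixtext`, and the new `pkgname@slmicro5: libaudit1` override under `template:` / `vars:`. If they drift apart, the manual check and install text will name a different package from whatever the template generates from `pkgname`. The last hunk's context already hints at this: it shows `pkgname@sle15` directly after `pkgname: audit-libs` with no `pkgname@sle12`, although both conditionals list `sle12`. That predates this commit and may be handled elsewhere, so it is worth confirming. I would add a comment above the first conditional, for example `{{# keep this product list in sync with the pkgname@<product> overrides under template.vars #}}`.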
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml index a86917f5bd3..adea535a854 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel9: CCE-86516-2 cce@sle12: CCE-92310-2 cce@sle15: CCE-92465-4 - + cce@slmicro5: CCE-93932-2 + references: cis-csc: 11,14,3,9 cis@sle12: 2.2.3 cis@sle15: 2.2.3 + cis@slmicro5: 2.2.3 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 disa: CCI-000366 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml index 979c97eb5f8..77c6bb8ef38 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml @@ -21,11 +21,13 @@ identifiers: cce@rhel10: CCE-87375-2 cce@sle12: CCE-92314-4 cce@sle15: CCE-92464-7 + cce@slmicro5: CCE-93931-4 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.3 cis@sle15: 2.2.3 + cis@slmicro5: 2.2.3 cis@ubuntu2004: 2.2.3 cis@ubuntu2204: 2.2.2 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml index 4902245f45c..1ad239ed91b 100644 
--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel10: CCE-90062-1 cce@sle12: CCE-91691-6 cce@sle15: CCE-91321-0 + cce@slmicro5: CCE-93930-6 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.3 cis@sle15: 2.2.3 + cis@slmicro5: 2.2.3 cis@ubuntu2004: 2.2.3 cis@ubuntu2204: 2.2.2 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml index 7e6cf5c3b00..c6e39463924 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel10: CCE-89507-8 cce@sle12: CCE-91683-3 cce@sle15: CCE-91313-7 + cce@slmicro5: CCE-93929-8 references: cis@sle12: 5.1.9 cis@sle15: 5.1.9 + cis@slmicro5: 5.1.9 cis@ubuntu2204: 5.1.9 ocil_clause: 'the file /etc/at.deny exists' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml index d37fe584e84..8f733aa019d 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-90598-4 cce@sle12: CCE-91685-8 cce@sle15: CCE-91315-2 + cce@slmicro5: CCE-93928-0 references: cis@sle12: 5.1.9 cis@sle15: 5.1.9 + cis@slmicro5: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 
diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml index 7a93eddbf88..2cf0d40ad79 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel10: CCE-88524-4 cce@sle12: CCE-91687-4 cce@sle15: CCE-91317-8 + cce@slmicro5: CCE-93927-2 references: cis@sle12: 5.1.9 cis@sle15: 5.1.9 + cis@slmicro5: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml index ca6b247754e..be2309d6766 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml @@ -28,10 +28,12 @@ identifiers: cce@rhel10: CCE-90283-3 cce@sle12: CCE-91689-0 cce@sle15: CCE-91319-4 + cce@slmicro5: CCE-93926-4 references: cis@sle12: 5.1.9 cis@sle15: 5.1.9 + cis@slmicro5: 5.1.9 cis@ubuntu2004: 5.1.9 cis@ubuntu2204: 5.1.9 diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_client/package_dhcp_client_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/package_dhcp_client_removed/rule.yml index 67a2934b2e8..985b6fc4f8b 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_client/package_dhcp_client_removed/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/package_dhcp_client_removed/rule.yml 
@@ -9,7 +9,7 @@ description: |- {{{ describe_package_remove(package="dhcp-client") }}} rationale: |- - Removing the DHCP client is necessary when the system works + Removing the DHCP client is necessary when the system works or will work in a static network environment. In this case the system has/will have a static IP address assigned. @@ -18,10 +18,12 @@ severity: medium identifiers: cce@sle12: CCE-92361-5 cce@sle15: CCE-92511-5 + cce@slmicro5: CCE-93925-6 references: cis@sle12: 2.2.5 cis@sle15: 2.2.5 + cis@slmicro5: 2.2.5 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 disa: CCI-000366 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml index e10d7c21cb3..d73b5183c9e 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml @@ -25,11 +25,13 @@ identifiers: cce@rhel10: CCE-87013-9 cce@sle12: CCE-91453-1 cce@sle15: CCE-85759-9 + cce@slmicro5: CCE-93924-9 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.5 cis@sle15: 2.2.5 + cis@slmicro5: 2.2.5 cis@ubuntu2004: 2.2.5 cis@ubuntu2204: 2.2.4 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml index 38ad89351d9..00951af0853 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml 
@@ -23,11 +23,13 @@ identifiers: cce@rhel9: CCE-84241-9 cce@sle12: CCE-92243-5 cce@sle15: CCE-91363-2 + cce@slmicro5: CCE-93923-1 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.5 cis@sle15: 2.2.5 + cis@slmicro5: 2.2.5 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 disa: CCI-000366 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml index 767aab8ff31..48a7feaed66 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml @@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-87806-6 cce@sle12: CCE-91642-9 cce@sle15: CCE-91285-7 + cce@slmicro5: CCE-93922-3 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.9 cis@sle15: 2.2.9 + cis@slmicro5: 2.2.9 cis@ubuntu2004: 2.2.8 cis@ubuntu2204: 2.2.7 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml index 03b229f7f32..8d22d722cb0 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml 
@@ -16,11 +16,13 @@ identifiers: cce@rhel9: CCE-84194-0 cce@sle12: CCE-92245-0 cce@sle15: CCE-91365-7 + cce@slmicro5: CCE-93921-5 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.9 cis@sle15: 2.2.9 + cis@slmicro5: 2.2.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 disa: CCI-000366 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml index d811d3f56b2..fecfd7986c3 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml @@ -17,11 +17,13 @@ identifiers: cce@rhel10: CCE-88674-7 cce@sle12: CCE-83226-1 cce@sle15: CCE-85700-3 + cce@slmicro5: CCE-93920-7 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.10 cis@sle15: 2.2.10 + cis@slmicro5: 2.2.10 cis@ubuntu2004: 2.2.9 cis@ubuntu2204: 2.2.8 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml index 6673e6c3c27..cc16f9644e6 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml 
@@ -19,11 +19,13 @@ identifiers: cce@rhel9: CCE-84160-1 cce@sle12: CCE-92246-8 cce@sle15: CCE-91366-5 + cce@slmicro5: CCE-93919-9 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.10 cis@sle15: 2.2.10 + cis@slmicro5: 2.2.10 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 disa: CCI-001436 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml index 30c02a7bc13..711159f0c4e 100644 --- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml @@ -23,11 +23,13 @@ identifiers: cce@rhel10: CCE-89436-0 cce@sle12: CCE-91643-7 cce@sle15: CCE-91286-5 + cce@slmicro5: CCE-93918-1 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.11 cis@sle15: 2.2.11 + cis@slmicro5: 2.2.11 cis@ubuntu2004: 2.2.10 cis@ubuntu2204: 2.2.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml index a8a2647c0c2..604b0c1b33b 100644 --- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml 
@@ -22,11 +22,13 @@ identifiers: cce@rhel9: CCE-84213-8 cce@sle12: CCE-92247-6 cce@sle15: CCE-91367-3 + cce@slmicro5: CCE-93917-3 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.11 cis@sle15: 2.2.11 + cis@slmicro5: 2.2.11 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6' diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml index 6ba8754a144..be6a0a54ccc 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-86197-1 cce@sle12: CCE-92249-2 cce@sle15: CCE-91369-9 + cce@slmicro5: CCE-93916-5 references: cis@sle12: 2.2.12 cis@sle15: 2.2.12 + cis@slmicro5: 2.2.12 cis@ubuntu2004: 2.2.11 cis@ubuntu2204: 2.2.10 diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml index ca913c7e776..aba1acc18c8 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml 
@@ -16,10 +16,12 @@ identifiers: cce@rhel9: CCE-84242-7 cce@sle12: CCE-92248-4 cce@sle15: CCE-91368-1 + cce@slmicro5: CCE-93915-7 references: cis@sle12: 2.2.12 cis@sle15: 2.2.12 + cis@slmicro5: 2.2.12 ocil_clause: |- {{{ ocil_clause_service_disabled(service="dovecot") }}} diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml index 76f32a29282..48e47c77f0b 100644 --- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml @@ -29,10 +29,12 @@ identifiers: cce@rhel10: CCE-90641-2 cce@sle12: CCE-91681-7 cce@sle15: CCE-91310-3 + cce@slmicro5: CCE-93914-0 references: cis@sle12: 2.3.5 cis@sle15: 2.3.5 + cis@slmicro5: 2.3.5 cis@ubuntu2004: 2.3.5 cis@ubuntu2204: 2.3.5 @@ -47,6 +49,7 @@ template: pkgname: openldap-clients pkgname@sle12: openldap2-client pkgname@sle15: openldap2-client + pkgname@slmicro5: openldap2-client pkgname@ubuntu1604: ldap-utils pkgname@ubuntu1804: ldap-utils pkgname@ubuntu2004: ldap-utils diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml index 91491b27a12..109179bc579 100644 --- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml @@ -30,11 +30,13 @@ identifiers: cce@rhel8: CCE-82415-1 cce@sle12: CCE-91640-3 cce@sle15: CCE-91283-2 + cce@slmicro5: CCE-93913-2 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.6 cis@sle15: 2.2.6 + cis@slmicro5: 2.2.6 cis@ubuntu2004: 2.2.6 cis@ubuntu2204: 2.2.5 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 @@ -52,7 +54,7 @@ ocil: |- following command:
    {{{ run_cmd }}}
    The output should show the following: -
    package {{{ package_name }}} is not installed
    +
    package {{{ package_name }}} is not installed
    template: name: package_removed @@ -60,6 +62,7 @@ template: pkgname: openldap-servers pkgname@sle12: openldap2 pkgname@sle15: openldap2 + pkgname@slmicro5: openldap2 pkgname@ubuntu1604: slapd pkgname@ubuntu1804: slapd pkgname@ubuntu2004: slapd diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml index e637bb9cdda..19efcc56c0e 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml @@ -21,11 +21,13 @@ identifiers: cce@rhel10: CCE-87280-4 cce@sle12: CCE-91595-9 cce@sle15: CCE-91280-8 + cce@slmicro5: CCE-93912-4 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.16 cis@sle15: 2.2.16 + cis@slmicro5: 2.2.16 cis@ubuntu2004: 2.2.15 cis@ubuntu2204: 2.2.15 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml index b6f6248f90c..8160c667ea2 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml 
@@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-88764-6 cce@sle12: CCE-92244-3 cce@sle15: CCE-91364-0 + cce@slmicro5: CCE-93910-8 references: cis-csc: 11,12,14,15,16,18,3,5 cis@sle12: 2.2.7 cis@sle15: 2.2.7 + cis@slmicro5: 2.2.7 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.03,DSS06.06 isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7' diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml index d9bcfc0d129..898495206fc 100644 --- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml @@ -21,11 +21,12 @@ identifiers: cce@rhel10: CCE-88270-4 cce@sle12: CCE-91641-1 cce@sle15: CCE-91284-0 + cce@slmicro5: CCE-93911-6 references: - cis@sle12: 2.2.7 cis@sle15: 2.2.7 + cis@slmicro5: 2.2.7 disa: CCI-000381 srg: SRG-OS-000095-GPOS-00049 diff --git a/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/rule.yml b/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/rule.yml index e59dec84984..247ac26acf1 100644 --- a/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_configure_pool_and_server/rule.yml @@ -23,12 +23,14 @@ platform: package[chrony] identifiers: cce@rhel10: CCE-89285-1 - cce@sle12: CCE-92394-6 - cce@sle15: CCE-92526-3 + cce@sle12: CCE-92394-6 + cce@sle15: CCE-92526-3 + cce@slmicro5: CCE-93908-2 references: cis@sle12: 2.2.1.3 cis@sle15: 2.2.1.3 + cis@slmicro5: 2.2.1.3 disa: CCI-000160,CCI-001891 ism: 0988,1405 nist: CM-6(a),AU-8(1)(a) 
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
index b7eaee763ec..c48f7fe92dd 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_slmicro
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index 56b10e0a492..5cb8c7be7d7 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -43,10 +43,12 @@ identifiers:
 cce@rhel10: CCE-89296-8
 cce@sle12: CCE-92240-1
 cce@sle15: CCE-91360-8
+ cce@slmicro5: CCE-93907-4
 references:
 cis@sle12: 2.2.1.3
 cis@sle15: 2.2.1.3
+ cis@slmicro5: 2.2.1.3
 cis@ubuntu2004: 2.2.1.3
 cis@ubuntu2204: 2.1.2.2
diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
index e144055c1e1..f77ef6af476 100644
--- a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
+++ b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
@@ -22,10 +22,12 @@ identifiers:
 cce@rhel10: CCE-89591-2
 cce@sle12: CCE-91594-2
 cce@sle15: CCE-91229-5
+ cce@slmicro5: CCE-93909-0
 references:
 cis@sle12: 2.2.1.1
 cis@sle15: 2.2.1.1
+ cis@slmicro5: 2.2.1.1
 cis@ubuntu2004: 2.2.1.1
 cis@ubuntu2204: 2.1.1.1
 disa: CCI-004923
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_tcp_wrappers_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_tcp_wrappers_removed/rule.yml
index 088c4f19256..add380eb447 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_tcp_wrappers_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_tcp_wrappers_removed/rule.yml @@ -7,15 +7,15 @@ description: |- {{{ describe_package_remove(package="tcpd") }}} rationale: |- - Administrators can use TCP wrapper library and daemon for host - control over network services. In these implementations, + Administrators can use TCP wrapper library and daemon for host + control over network services. In these implementations, xinetd runs tcpd program, which first looks - at the incomming connection as well as the access control lists + at the incomming connection as well as the access control lists in the /etc/hosts.allow and /etc/hosts.deny files. Removing the xinetd package decreases the risk of the - xinetd service's accidental (or intentional) activation. The + xinetd service's accidental (or intentional) activation. The removal of tcpd package will support this protective - measure in addition. + measure in addition. severity: low @@ -23,11 +23,13 @@ identifiers: cce@rhel10: CCE-90110-8 cce@sle12: CCE-92318-5 cce@sle15: CCE-92476-1 + cce@slmicro5: CCE-93906-6 references: cis-csc: 11,12,14,15,3,8,9 cis@sle12: 2.1.1 cis@sle15: 2.1.1 + cis@slmicro5: 2.1.1 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 disa: CCI-000305 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml index 6122e38bafd..88c753bc1e1 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml 
@@ -18,11 +18,13 @@ identifiers:
 cce@rhel10: CCE-88760-4
 cce@sle12: CCE-91480-4
 cce@sle15: CCE-91436-6
+ cce@slmicro5: CCE-93905-8
 references:
 cis-csc: 11,12,14,15,3,8,9
 cis@sle12: 2.1.1
 cis@sle15: 2.1.1
+ cis@slmicro5: 2.1.1
 cis@ubuntu2004: 2.1.1
 cis@ubuntu2204: 2.1.1
 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
index 7071ea7a17a..a3390aa2bf9 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel10: CCE-87207-7
 cce@sle12: CCE-92239-3
 cce@sle15: CCE-91438-2
+ cce@slmicro5: CCE-93904-1
 references:
 cis-csc: 11,12,14,15,3,8,9
 cis@sle12: 2.1.1
 cis@sle15: 2.1.1
+ cis@slmicro5: 2.1.1
 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
 cui: 3.4.7
 disa: CCI-000305
diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
index a4dae4c52c7..ccd07d0a95b 100644
--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
@@ -24,10 +24,12 @@ identifiers:
 cce@rhel10: CCE-87211-9
 cce@sle12: CCE-91458-0
 cce@sle15: CCE-91159-4
+ cce@slmicro5: CCE-93903-3
 references:
 cis@sle12: 2.3.1
 cis@sle15: 2.3.1
+ cis@slmicro5: 2.3.1
 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
 ocil: '{{{ describe_package_remove(package="ypbind") }}}'
diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml index 26c2c2e80d1..40bf5ac70ec 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml @@ -22,11 +22,13 @@ identifiers: cce@rhel10: CCE-88114-4 cce@sle12: CCE-91459-8 cce@sle15: CCE-91160-2 + cce@slmicro5: CCE-93902-5 references: cis-csc: 11,12,14,15,3,8,9 cis@sle12: 2.2.18 cis@sle15: 2.2.18 + cis@slmicro5: 2.2.18 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 disa: CCI-000381 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii) diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml index 38024ff196b..bb3dfe014ca 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml @@ -31,10 +31,12 @@ identifiers: cce@rhel10: CCE-90124-9 cce@sle12: CCE-91454-9 cce@sle15: CCE-85760-7 + cce@slmicro5: CCE-93901-7 references: cis@sle12: 2.3.2 cis@sle15: 2.3.2 + cis@slmicro5: 2.3.2 cis@ubuntu2004: 2.3.2 cis@ubuntu2204: 2.3.2 cui: 3.1.13 diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml index 5e382e97b9a..58c4648690a 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml 
@@ -23,10 +23,12 @@ identifiers:
 cce@rhel10: CCE-90657-8
 cce@sle12: CCE-91456-4
 cce@sle15: CCE-91432-5
+ cce@slmicro5: CCE-93900-9
 references:
 cis@sle12: 2.3.3
 cis@sle15: 2.3.3
+ cis@slmicro5: 2.3.3
 cis@ubuntu2004: 2.3.3
 cis@ubuntu2204: 2.3.3
 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
index 263d036f932..eb3db257afd 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
@@ -29,11 +29,13 @@ identifiers:
 cce@rhel10: CCE-88105-2
 cce@sle12: CCE-83084-4
 cce@sle15: CCE-83273-3
+ cce@slmicro5: CCE-93899-3
 references:
 cis-csc: 11,12,14,15,3,8,9
 cis@sle12: 2.2.19
 cis@sle15: 2.2.19
+ cis@slmicro5: 2.2.19
 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
 disa: CCI-000381
 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
index 7320948059b..ddda57c4912 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml
@@ -21,10 +21,12 @@ identifiers:
 cce@rhel10: CCE-90545-5
 cce@sle12: CCE-91457-2
 cce@sle15: CCE-91434-1
+ cce@slmicro5: CCE-93898-5
 references:
 cis@sle12: 2.3.4
 cis@sle15: 2.3.4
+ cis@slmicro5: 2.3.4
 cis@ubuntu2004: 2.3.4
 cis@ubuntu2204: 2.3.4
 cui: 3.1.13
diff --git a/linux_os/guide/services/printing/package_cups_removed/rule.yml b/linux_os/guide/services/printing/package_cups_removed/rule.yml
index 619414af667..2c4cb7186d7 100644
--- a/linux_os/guide/services/printing/package_cups_removed/rule.yml +++ b/linux_os/guide/services/printing/package_cups_removed/rule.yml @@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-87162-4 cce@sle12: CCE-92311-0 cce@sle15: CCE-92466-2 + cce@slmicro5: CCE-93897-7 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.4 cis@sle15: 2.2.4 + cis@slmicro5: 2.2.4 cis@ubuntu2004: 2.2.4 cis@ubuntu2204: 2.2.3 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml index c86bd74d2d1..06edf4281c5 100644 --- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml +++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-86174-0 cce@sle12: CCE-91692-4 cce@sle15: CCE-91322-8 + cce@slmicro5: CCE-93896-9 references: cis-csc: 11,14,3,9 cis@sle12: 2.2.4 cis@sle15: 2.2.4 + cis@slmicro5: 2.2.4 cis@ubuntu2004: 2.2.4 cis@ubuntu2204: 2.2.3 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml index 966244b64ef..b684e80067f 100644 --- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml @@ -17,12 +17,14 @@ identifiers: cce@rhel10: CCE-87396-8 cce@sle12: CCE-92252-6 cce@sle15: CCE-91372-3 + cce@slmicro5: CCE-93895-1 {{{ complete_ocil_entry_package(package="squid") }}} references: cis@sle12: 2.2.14 cis@sle15: 2.2.14 + cis@slmicro5: 2.2.14 cis@ubuntu2004: 2.2.13 cis@ubuntu2204: 2.2.12 
diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml index 762993ffa68..fe2be2f8060 100644 --- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-88847-9 cce@sle12: CCE-92251-8 cce@sle15: CCE-91371-5 + cce@slmicro5: CCE-93894-4 references: cis@sle12: 2.2.14 cis@sle15: 2.2.14 + cis@slmicro5: 2.2.14 ocil_clause: |- {{{ ocil_clause_service_disabled(service="squid") }}} diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml index 19931c7c1e6..72496e25a69 100644 --- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-89779-3 cce@sle12: CCE-91644-5 cce@sle15: CCE-91287-3 + cce@slmicro5: CCE-93893-6 references: cis@sle12: 2.2.13 cis@sle15: 2.2.13 + cis@slmicro5: 2.2.13 cis@ubuntu2004: 2.2.12 cis@ubuntu2204: 2.2.11 diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml index 07fd14eb39f..fcc87f4967e 100644 --- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel9: CCE-84201-3 cce@sle12: CCE-92250-0 cce@sle15: CCE-91370-7 + cce@slmicro5: CCE-93892-8 references: cis@sle12: 2.2.13 cis@sle15: 2.2.13 + cis@slmicro5: 2.2.13 disa: CCI-001436 ocil_clause: |- 
diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml index f414aaa7ebf..917f0458cc5 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml @@ -25,10 +25,12 @@ identifiers: cce@rhel10: CCE-89193-7 cce@sle12: CCE-91645-2 cce@sle15: CCE-91288-1 + cce@slmicro5: CCE-93891-0 references: cis@sle12: 2.2.15 cis@sle15: 2.2.15 + cis@slmicro5: 2.2.15 cis@ubuntu2004: 2.2.14 cis@ubuntu2204: 2.2.13 diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml index 8b790591547..3108c68028e 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-87815-7 cce@sle12: CCE-92253-4 cce@sle15: CCE-91373-1 + cce@slmicro5: CCE-93890-2 references: cis@sle12: 2.2.15 cis@sle15: 2.2.15 + cis@slmicro5: 2.2.15 ism: "1311" ocil_clause: |- diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml index 712a829b692..07fbe23a8a2 100644 --- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel10: CCE-86992-5 cce@sle12: CCE-92276-5 cce@sle15: CCE-91392-1 + cce@slmicro5: CCE-93889-4 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 5.2.1 cis@sle15: 5.2.1 + cis@slmicro5: 5.2.1 cis@ubuntu2004: 5.2.1 cis@ubuntu2204: 5.2.1 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 
diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml index 0fcef08d02f..800004e9d1d 100644 --- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel10: CCE-89829-6 cce@sle12: CCE-92277-3 cce@sle15: CCE-91393-9 + cce@slmicro5: CCE-93888-6 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 5.2.1 cis@sle15: 5.2.1 + cis@slmicro5: 5.2.1 cis@ubuntu2004: 5.2.1 cis@ubuntu2204: 5.2.1 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml index 89b15465a3b..85350fbd0f2 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel10: CCE-86264-9 cce@sle12: CCE-91674-2 cce@sle15: CCE-91306-1 + cce@slmicro5: CCE-93887-8 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 5.2.1 cis@sle15: 5.2.1 + cis@slmicro5: 5.2.1 cis@ubuntu2004: 5.2.1 cis@ubuntu2204: 5.2.1 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml index 7469527d644..d14c74ee195 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml @@ -38,6 +38,7 @@ references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 5.2.2 cis@sle15: 5.2.2 + cis@slmicro5: 5.2.2 cis@ubuntu2004: 5.2.2 cis@ubuntu2204: 5.2.2 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml index 6b70b8e5c9d..c947fdef9ca 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml @@ -22,6 +22,7 @@ references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 5.2.3 cis@sle15: 5.2.3 + cis@slmicro5: 5.2.3 cis@ubuntu2004: 5.2.3 cis@ubuntu2204: 5.2.3 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml index a11c658f253..45d5e54862b 100644 --- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/rule.yml @@ -28,11 +28,13 @@ identifiers: cce@rhel10: CCE-88057-5 cce@sle12: CCE-91677-5 cce@sle15: CCE-91439-0 + cce@slmicro5: CCE-93886-0 references: cis-csc: 11,12,14,15,16,18,3,5,9 cis@sle12: 5.2.9 cis@sle15: 5.2.9 + cis@slmicro5: 5.2.9 cis@ubuntu2004: 5.2.8 cis@ubuntu2204: 5.2.8 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml index 8f9ec93a570..3f4b9fb4204 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml @@ -34,6 +34,7 @@ references: cis-csc: 11,12,13,14,15,16,18,3,5,9 cis@sle12: 5.2.11 cis@sle15: 5.2.11 + cis@slmicro5: 5.2.11 cis@ubuntu2004: 5.2.10 cis@ubuntu2204: 5.2.9 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml index 6c8ffe671c0..5e8d037c60d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-87777-9 cce@sle12: CCE-91676-7 cce@sle15: CCE-91307-9 + cce@slmicro5: CCE-93885-2 references: cis-csc: 11,12,14,15,16,18,3,5,9 cis@sle12: 5.2.8 cis@sle15: 5.2.8 + cis@slmicro5: 5.2.8 cis@ubuntu2004: 5.2.7 cis@ubuntu2204: 5.2.11 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml index 9a07f75eec6..5ef44759fd5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml @@ -31,6 +31,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,3,5 cis@sle12: 5.2.10 cis@sle15: 5.2.10 + cis@slmicro5: 5.2.10 cis@ubuntu2004: 5.2.9 cis@ubuntu2204: 5.2.7 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml index 598de7b2ff2..46a31d85e2b 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_tcp_forwarding/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel10: CCE-89027-7 cce@sle12: CCE-92204-7 cce@sle15: CCE-91334-3 + cce@slmicro5: CCE-93884-5 references: cis@sle12: 5.2.20 cis@sle15: 5.2.20 + cis@slmicro5: 5.2.20 cis@ubuntu2004: 5.2.20 cis@ubuntu2204: 5.2.16 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml index f520fbad55d..9fa2cb3cd28 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml 
@@ -35,6 +35,7 @@ identifiers: references: cis@sle12: 5.2.6 cis@sle15: 5.2.6 + cis@slmicro5: 5.2.6 cis@ubuntu2004: 5.2.5 cis@ubuntu2204: 5.2.12 disa: CCI-000366 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml index 8c524bdcd55..6c1a29f3ff3 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml @@ -30,6 +30,7 @@ references: cis-csc: 11,3,9 cis@sle12: 5.2.12 cis@sle15: 5.2.12 + cis@slmicro5: 5.2.12 cis@ubuntu2004: 5.2.11 cis@ubuntu2204: 5.2.10 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml index d862f19c364..82417375edf 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_pam/rule.yml @@ -26,10 +26,12 @@ identifiers: cce@rhel10: CCE-87045-1 cce@sle12: CCE-92203-9 cce@sle15: CCE-91333-5 + cce@slmicro5: CCE-93883-7 references: cis@sle12: 5.2.19 cis@sle15: 5.2.19 + cis@slmicro5: 5.2.19 cis@ubuntu2004: 5.2.19 cis@ubuntu2204: 5.2.6 disa: CCI-000877 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml index 6888999e61b..737f18c7371 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml @@ -30,6 +30,7 @@ references: cis-csc: 1,12,15,16 cis@sle12: 5.2.18 cis@sle15: 5.2.18 + cis@slmicro5: 5.2.18 cjis: 5.5.6 cobit5: DSS05.04,DSS05.10,DSS06.10 cui: 3.1.9 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml index 3103b9f2b09..bed2b3d683d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/rule.yml @@ -49,11 +49,13 @@ identifiers: cce@rhel10: CCE-90003-5 cce@sle12: CCE-92212-0 cce@sle15: CCE-91343-4 + cce@slmicro5: CCE-93882-9 references: cis-csc: 11,12,14,15,16,18,3,5 cis@sle12: 5.2.4 cis@sle15: 5.2.4 + cis@slmicro5: 5.2.4 cis@ubuntu2004: 5.2.17 cis@ubuntu2204: 5.2.4 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.03,DSS06.06 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index 696e203cd68..1e9c0440494 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -37,6 +37,7 @@ references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.2.16 cis@sle15: 5.2.16 + cis@slmicro5: 5.2.16 cis@ubuntu2004: 5.2.15 cis@ubuntu2204: 5.2.22 cjis: 5.5.6 @@ -89,4 +90,3 @@ template: datatype: int backends: oval: "off" - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml index 75789bf3b1a..56e90a9e509 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml @@ -36,6 +36,7 @@ references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.2.16 cis@sle15: 5.2.16 + cis@slmicro5: 5.2.16 cis@ubuntu2004: 5.2.15 cis@ubuntu2204: 5.2.22 cjis: 5.5.6 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml index fabede93214..f0b928c1773 100644 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-87290-3 cce@sle12: CCE-92281-5 cce@sle15: CCE-91397-0 + cce@slmicro5: CCE-93881-1 references: cis@sle12: 5.2.17 cis@sle15: 5.2.17 + cis@slmicro5: 5.2.17 cis@ubuntu2004: 5.2.16 cis@ubuntu2204: 5.2.21 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml index 3fa22a16351..8349099b344 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml @@ -31,6 +31,7 @@ identifiers: references: cis@sle12: 5.2.5 cis@sle15: 5.2.5 + cis@slmicro5: 5.2.5 disa: CCI-000067 nerc-cip: CIP-007-3 R7.1 nist: AC-17(a),AC-17(1),CM-6(a) diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml index 59395a6575f..118fd3be36c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel10: CCE-90071-2 cce@sle12: CCE-92202-1 cce@sle15: CCE-91332-7 + cce@slmicro5: CCE-93880-3 references: cis@debian11: 9.3.5 cis@sle12: 5.2.7 cis@sle15: 5.2.7 + cis@slmicro5: 5.2.7 cis@ubuntu2004: 5.2.6 cis@ubuntu2204: 5.2.18 ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml index 2603c7bc29c..4ae0b785697 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/rule.yml 
@@ -20,10 +20,12 @@ identifiers: cce@rhel10: CCE-89659-7 cce@sle12: CCE-91679-1 cce@sle15: CCE-91309-5 + cce@slmicro5: CCE-93879-5 references: cis@sle12: 5.2.22 cis@sle15: 5.2.22 + cis@slmicro5: 5.2.22 cis@ubuntu2004: 5.2.22 cis@ubuntu2204: 5.2.20 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml index a327dc85b72..b47bdc96cac 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/rule.yml @@ -22,10 +22,12 @@ identifiers: cce@rhel10: CCE-89624-1 cce@sle12: CCE-91678-3 cce@sle15: CCE-91308-7 + cce@slmicro5: CCE-93878-7 references: cis@sle12: 5.2.21 cis@sle15: 5.2.21 + cis@slmicro5: 5.2.21 cis@ubuntu2004: 5.2.21 cis@ubuntu2204: 5.2.19 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml index ac1d0465a74..e200686b9cb 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml @@ -57,6 +57,7 @@ references: cis-csc: 1,11,12,14,15,16,18,3,5,6,8,9 cis@sle12: 5.2.13 cis@sle15: 5.2.13 + cis@slmicro5: 5.2.13 cis@ubuntu2004: 5.2.12 cjis: 5.5.6 cobit5: APO11.04,APO13.01,BAI03.05,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.06,DSS06.10,MEA02.01 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml index 6d2fb08c867..8f76474d3ba 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml 
@@ -49,6 +49,7 @@ references: cis-csc: 1,12,13,15,16,5,8 cis@sle12: 5.2.14 cis@sle15: 5.2.14 + cis@slmicro5: 5.2.14 cis@ubuntu2004: 5.2.13 cobit5: APO01.06,APO13.01,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.07,DSS06.02,DSS06.03 cui: 3.1.13,3.13.11,3.13.8 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml index 2252077b7e3..903250267a4 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml @@ -24,11 +24,13 @@ severity: medium identifiers: cce@sle12: CCE-92279-9 cce@sle15: CCE-91395-4 + cce@slmicro5: CCE-93877-9 references: cis@debian: 9.3.11 cis@sle12: 5.2.13 cis@sle15: 5.2.13 + cis@slmicro5: 5.2.13 cis@ubuntu2204: 5.2.13 ocil_clause: 'ciphers are not configured or not using strong ciphers' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml index ac87fca71b0..d890919c3c0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml @@ -23,10 +23,12 @@ identifiers: cce@rhel10: CCE-87009-7 cce@sle12: CCE-92339-1 cce@sle15: CCE-92626-1 + cce@slmicro5: CCE-93876-1 references: cis@sle12: 5.2.15 cis@sle15: 5.2.15 + cis@slmicro5: 5.2.15 cis@ubuntu2004: 5.2.14 cis@ubuntu2204: 5.2.15 pcidss: Req-2.3 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml index 6e46308b1de..95feba6c6de 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml 
@@ -24,10 +24,12 @@ identifiers: cce@rhel10: CCE-86792-9 cce@sle12: CCE-92280-7 cce@sle15: CCE-91396-2 + cce@slmicro5: CCE-93875-3 references: cis@sle12: 5.2.14 cis@sle15: 5.2.14 + cis@slmicro5: 5.2.14 cis@ubuntu2204: 5.2.14 ocil_clause: 'MACs option is commented out or not using strong hash algorithms' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml index b5326194207..3ff94f136be 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-89061-6 cce@sle12: CCE-92241-9 cce@sle15: CCE-91361-6 + cce@slmicro5: CCE-93874-6 references: cis-csc: 12,15,8 cis@sle12: 2.2.2 cis@sle15: 2.2.2 + cis@slmicro5: 2.2.2 cis@ubuntu2004: 2.2.2 cis@ubuntu2204: 2.2.1 cobit5: APO13.01,DSS01.04,DSS05.02,DSS05.03 diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml index fc227651b8a..5d3f071b248 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml @@ -31,10 +31,12 @@ identifiers: cce@rhel10: CCE-88391-8 cce@sle12: CCE-92242-7 cce@sle15: CCE-91362-4 + cce@slmicro5: CCE-93873-8 references: cis@sle12: 2.2.2 cis@sle15: 2.2.2 + cis@slmicro5: 2.2.2 disa: CCI-000366 nist: CM-6(b) srg: SRG-OS-000480-GPOS-00227 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml index f26873ada27..88aa853a512 100644 
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml @@ -106,6 +106,7 @@ references: cis-csc: 1,12,15,16 cis@sle12: 1.8.1.2 cis@sle15: 1.8.1.2 + cis@slmicro5: 1.8.1.2 cis@ubuntu2004: 1.8.1.2 cis@ubuntu2204: 1.7.2 cobit5: DSS05.04,DSS05.10,DSS06.10 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml index d88a8225982..9c079a9c1bc 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml @@ -53,10 +53,12 @@ identifiers: cce@rhel10: CCE-87619-3 cce@sle12: CCE-92228-6 cce@sle15: CCE-91350-9 + cce@slmicro5: CCE-94062-7 references: cis@sle12: 1.8.1.3 cis@sle15: 1.8.1.3 + cis@slmicro5: 1.8.1.3 cis@ubuntu2004: 1.8.1.3 cis@ubuntu2204: 1.7.3 disa: CCI-000048,CCI-001384,CCI-001385,CCI-001386,CCI-001387,CCI-001388 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml index 5735d20358c..2a975b00b2b 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh index 4d77e8336de..632aa10fd72 100644 
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("motd_banner_text") }}} diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml index 32e656d9e05..a5d328e4d17 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml @@ -53,10 +53,12 @@ identifiers: cce@rhel10: CCE-88409-8 cce@sle12: CCE-92227-8 cce@sle15: CCE-91349-1 + cce@slmicro5: CCE-94061-9 references: cis@sle12: 1.8.1.1 cis@sle15: 1.8.1.1 + cis@slmicro5: 1.8.1.1 cis@ubuntu2004: 1.8.1.1 cis@ubuntu2204: 1.7.1 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml index 5b462c571e2..7a0b8d8f7c3 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-89209-1 cce@sle12: CCE-92233-6 cce@sle15: CCE-91355-8 + cce@slmicro5: CCE-94060-1 references: cis@sle12: 1.8.1.5 cis@sle15: 1.8.1.5 + cis@slmicro5: 1.8.1.5 cis@ubuntu2004: 1.8.1.5 cis@ubuntu2204: 1.7.5 
@@ -33,7 +35,7 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/etc/issue", group="root") ocil: |- {{{ ocil_file_group_owner(file="/etc/issue", group="root") }}} -{{%- if product in ['sle15'] %}} +{{%- if product in ['sle15', 'slmicro5'] %}} template: name: file_groupowner vars: diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml index b35984f5854..bde2eff35ad 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-88343-9 cce@sle12: CCE-92236-9 cce@sle15: CCE-91358-2 + cce@slmicro5: CCE-94059-3 references: cis@sle12: 1.8.1.6 cis@sle15: 1.8.1.6 + cis@slmicro5: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml index 81166e8bdc4..b40c6b690b4 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-87687-0 cce@sle12: CCE-92230-2 cce@sle15: CCE-91352-5 + cce@slmicro5: CCE-94058-5 references: cis@sle12: 1.8.1.4 cis@sle15: 1.8.1.4 + cis@slmicro5: 1.8.1.4 cis@ubuntu2004: 1.8.1.4 cis@ubuntu2204: 1.7.4 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml index 9be88cdab3e..159422e87c6 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml 
@@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-88544-2 cce@sle12: CCE-92234-4 cce@sle15: CCE-91356-6 + cce@slmicro5: CCE-94057-7 references: cis@sle12: 1.8.1.5 cis@sle15: 1.8.1.5 + cis@slmicro5: 1.8.1.5 cis@ubuntu2004: 1.8.1.5 cis@ubuntu2204: 1.7.5 @@ -33,7 +35,7 @@ ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/issue", owner="root") }}}' ocil: |- {{{ ocil_file_owner(file="/etc/issue", owner="root") }}} -{{%- if product in ['sle15'] %}} +{{%- if product in ['sle15', 'slmicro5'] %}} template: name: file_owner vars: diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml index aaa54bea437..16c56cf631d 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-86969-3 cce@sle12: CCE-92237-7 cce@sle15: CCE-91359-0 + cce@slmicro5: CCE-94056-9 references: cis@sle12: 1.8.1.6 cis@sle15: 1.8.1.6 + cis@slmicro5: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml index ef5d7898239..afcaa965e33 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-87043-6 cce@sle12: CCE-92231-0 cce@sle15: CCE-91353-3 + cce@slmicro5: CCE-94055-1 references: cis@sle12: 1.8.1.4 cis@sle15: 1.8.1.4 + cis@slmicro5: 1.8.1.4 cis@ubuntu2004: 1.8.1.4 cis@ubuntu2204: 1.7.4 
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml index 905d300a86d..39d4aafa8c1 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-86812-5 cce@sle12: CCE-92232-8 cce@sle15: CCE-91354-1 + cce@slmicro5: CCE-94054-4 references: cis@sle12: 1.8.1.5 cis@sle15: 1.8.1.5 + cis@slmicro5: 1.8.1.5 cis@ubuntu2004: 1.8.1.5 cis@ubuntu2204: 1.7.5 @@ -36,5 +38,9 @@ ocil: |- template: name: file_permissions vars: +{{%- if product == 'slmicro5' %}} + filepath: /run/issue +{{%- else %}} filepath: /etc/issue +{{%- endif %}} filemode: '0644' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml index b71a88b265d..f23acb892c4 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml @@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-87831-4 cce@sle12: CCE-92235-1 cce@sle15: CCE-91357-4 + cce@slmicro5: CCE-94053-6 references: cis@sle12: 1.8.1.6 cis@sle15: 1.8.1.6 + cis@slmicro5: 1.8.1.6 cis@ubuntu2004: 1.8.1.6 cis@ubuntu2204: 1.7.6 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml index 8b759322516..9da50452396 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml 
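Review bot: For `slmicro5` the template in the last hunk of file_permissions_etc_issue/rule.yml checks `filepath: /run/issue`, while the rule id and the `ocil` text named in the hunk header still refer to /etc/issue. The sibling hunks in file_owner_etc_issue and file_groupowner_etc_issue only add `'slmicro5'` to the `sle15` branch and do not show which path they test. If /run/issue is regenerated at boot, which its location suggests but the hunk does not show, a mode set by remediation will not survive a reboot, so a scan could pass after remediation and fail after the next boot. Once the relationship between the two paths is confirmed, I would add a comment above the branch, `# SLE Micro: /etc/issue resolves to the generated /run/issue; check the target`, and make the owner, group-owner and `ocil` text name the same path. The `template:` block and the `ocil` text start outside the hunk.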
@@ -21,10 +21,12 @@ identifiers: cce@rhel10: CCE-90411-0 cce@sle12: CCE-92229-4 cce@sle15: CCE-91351-7 + cce@slmicro5: CCE-94052-8 references: cis@sle12: 1.8.1.4 cis@sle15: 1.8.1.4 + cis@slmicro5: 1.8.1.4 cis@ubuntu2004: 1.8.1.4 cis@ubuntu2204: 1.7.4 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml index afeea9dbe62..8758454ece6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml @@ -26,6 +26,7 @@ identifiers: references: cis@sle12: 5.3.3 cis@sle15: 5.3.3 + cis@slmicro5: 5.3.3 cis@ubuntu2004: 5.3.3 disa: CCI-000200 nist@sle12: IA-5(1)(e),IA-5 (1).1(v) diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml index 59a119717d5..833caef2427 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml @@ -43,6 +43,7 @@ identifiers: references: cis@sle12: 5.3.2 cis@sle15: 5.3.2 + cis@slmicro5: 5.3.2 cis@ubuntu2004: 5.3.2 disa: CCI-000044 nist@sle12: AC-7(a) diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml index 8665b4c602e..ad38727f894 100644 
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle
+# platform = multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh
index f74fa11a288..4d5ef2de9a9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle
+# platform = multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/rule.yml
index 655393b4275..cd3ed3a7ccf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_deny_root/rule.yml
@@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-90683-4 cce@sle12: CCE-91546-2 cce@sle15: CCE-91281-6 + cce@slmicro5: CCE-94051-0 references: cis-csc: 1,12,15,16 cis@sle12: 5.3.2 cis@sle15: 5.3.2 + cis@slmicro5: 5.3.2 cobit5: DSS05.04,DSS05.10,DSS06.10 disa: CCI-002238,CCI-000044 isa-62443-2009: 4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/ansible/shared.yml index 4818446a100..8c795697d6a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/bash/shared.sh index 3378a66d032..6469ddce43f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml index e86a38f43a8..816362e1f45 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/rule.yml @@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-88162-3 cce@sle12: CCE-91598-3 cce@sle15: CCE-91282-4 + cce@slmicro5: CCE-94050-2 references: cis-csc: 1,12,15,16 cis@sle12: 5.3.2 - cis@sle15: 5.3.2 + cis@sle15: 5.3.2 + cis@slmicro5: 5.3.2 cobit5: DSS05.04,DSS05.10,DSS06.10 disa: CCI-002238,CCI-000044 isa-62443-2009: 4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/tests/pam_tally2_absent_account_config.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/tests/pam_tally2_absent_account_config.fail.sh index 156a31cab9e..58a2fe404f6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/tests/pam_tally2_absent_account_config.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2_unlock_time/tests/pam_tally2_absent_account_config.fail.sh 
@@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro cat >/etc/pam.d/common-account </etc/pam.d/common-account </etc/pam.d/common-account </etc/pam.d/common-account <> "${service_dropin_file}" echo "ExecStart=-$sulogin" >> "${service_dropin_file}" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml index f16fe60c0b2..f0e8d952195 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml @@ -2,7 +2,7 @@ {{{ oval_metadata("The requirement for a password to boot into emergency mode should be configured correctly.") }}} -{{% if 'sle' in product or 'rhel' in product or product == 'fedora' %}} +{{% if 'sle' in product or 'rhel' in product or product == 'fedora' or product == 'slmicro5' %}} {{% endif %}} @@ -13,7 +13,7 @@ -{{% if 'sle' in product or 'rhel' in product or product == 'fedora' %}} +{{% if 'sle' in product or 'rhel' in product or product == 'fedora' or product == 'slmicro5' %}} @@ -23,7 +23,7 @@ /usr/lib/systemd/system/emergency.service - {{%- if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "sle12", "sle15"] or 'rhel' in product -%}} + {{%- if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "sle12", "sle15", "slmicro5"] or 'rhel' in product -%}} ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency {{%- else -%}} ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" 
@@ -43,7 +43,7 @@ 1 -{{% if 'sle' in product or 'rhel' in product or product == 'fedora' %}} +{{% if 'sle' in product or 'rhel' in product or product == 'fedora' or product == 'slmicro5' %}} ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency {{%- else -%}} @@ -78,7 +80,7 @@ fixtext: |- Configure {{{ full_name }}} to require authentication for system emergency mode. Add or edit the following line in "/usr/lib/systemd/system/emergency.service": - {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}} + {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15", "slmicro5"] -%}} ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency {{%- else -%}} ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh index 73d2f3ad045..19345cfcf91 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro rm -f /etc/systemd/system/emergency.service mkdir -p /etc/systemd/system/emergency.service.d/ cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf 
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh index 4545cf49f2c..da0d857f6ae 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro rm -f /etc/systemd/system/emergency.service mkdir -p /etc/systemd/system/emergency.service.d/ cat << EOF > /etc/systemd/system/emergency.service.d/10-oscap.conf diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml index 8f202eb31dd..4b57d1546fe 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml @@ -10,7 +10,7 @@ create: yes dest: /usr/lib/systemd/system/rescue.service regexp: "^#?ExecStart=" - {{% if product in ["ol8", "ol9", "sle12", "sle15"]-%}} + {{% if product in ["ol8", "ol9", "sle12", "sle15", "slmicro5"]-%}} line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" {{%- else -%}} line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh index 39b5667dba9..c63bd54a0da 100644 
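Review bot: The Ansible task in require_singleuser_auth/ansible/shared.yml still writes to `dest: /usr/lib/systemd/system/rescue.service`, and adding `"slmicro5"` to the condition extends that write to a product whose root filesystem is, as far as I know, read-only outside a transactional update. On such a host the task would likely fail, or the edit would be replaced when the systemd package is updated, leaving rescue mode without the `systemd-sulogin-shell` authentication prompt. I would have the slmicro5 branch write a drop-in under `/etc/systemd/system/rescue.service.d/` instead, in the way the emergency-target tests in this commit use `/etc/systemd/system/emergency.service.d/`, and confirm that the OVAL check also reads drop-ins. The same hunk's condition lists only `"ol8", "ol9", "sle12", "sle15", "slmicro5"`, while the Bash remediation for the same rule also matches `fedora` and `'rhel' in product`, so the two remediations can write different `ExecStart` lines on those products. The task begins above the hunk, so its module and name are not visible here.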
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh @@ -1,6 +1,6 @@ # platform = multi_platform_all -{{% if product in ["fedora", "ol8", "ol9", "sle12", "sle15",] or 'rhel' in product -%}} +{{% if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "slmicro5"] or 'rhel' in product -%}} {{% set sulogin="-/usr/lib/systemd/systemd-sulogin-shell rescue" %}} {{%- else -%}} {{% set sulogin='-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' %}} diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml index ba3c7adddb1..a8c4560f204 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml @@ -14,7 +14,7 @@ /usr/lib/systemd/system/rescue.service {{%- endif -%}} - {{%- if product in ["fedora", "ol8", "ol9", "rhcos4", "sle12", "sle15"] or 'rhel' in product -%}} + {{%- if product in ["fedora", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5"] or 'rhel' in product -%}} ^ExecStart\s?=\s?\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue {{%- else -%}} ^ExecStart\s?=\s?\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml index 90c48074eb1..1a1e62afe38 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml 
@@ -25,11 +25,13 @@ identifiers: cce@rhel10: CCE-90014-2 cce@sle12: CCE-92324-3 cce@sle15: CCE-91428-3 + cce@slmicro5: CCE-94048-6 references: cis-csc: 1,11,12,14,15,16,18,3,5 cis@sle12: 1.5.3 cis@sle15: 1.5.3 + cis@slmicro5: 1.5.3 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.06,DSS06.10 cui: 3.1.1,3.4.5 disa: CCI-000213 @@ -54,7 +56,7 @@ ocil: |- To check if authentication is required for single-user mode, run the following command:
    $ grep sulogin /usr/lib/systemd/system/rescue.service
    The output should be similar to the following, and the line must begin with - {{% if product in ["fedora", "ol8", "ol9", "rhcos4"] or 'rhel' in product -%}} + {{% if product in ["fedora", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5"] or 'rhel' in product -%}} ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
    ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
    {{%- else -%}} @@ -84,7 +86,7 @@ fixtext: |- Configure {{{ full_name }}} to require authentication in single user mode. Add or update the following line in "/usr/lib/systemd/system/rescue.service": - {{% if product in ["fedora", "ol8", "ol9", "sle12", "sle15"] or 'rhel' in product -%}} + {{% if product in ["fedora", "ol8", "ol9", "sle12", "sle15", "slmicro5"] or 'rhel' in product -%}} ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue {{%- else -%}} ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index 3cbd74e9b58..5b61d3b8380 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -36,6 +36,7 @@ references: cis-csc: 1,12,13,14,15,16,18,3,5,7,8 cis@sle12: 5.4.1.5 cis@sle15: 5.4.1.5 + cis@slmicro5: 5.4.1.5 cis@ubuntu2004: 5.4.1.4 cis@ubuntu2204: 5.5.1.4 cjis: 5.6.2.1.1 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml index 44ef63e9f62..0c8d3d2c9c9 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_unique_name/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel10: CCE-90323-7 cce@sle12: CCE-91550-4 cce@sle15: CCE-85845-6 + cce@slmicro5: CCE-94045-2 references: cis@sle12: 6.2.16 cis@sle15: 6.2.16 + cis@slmicro5: 6.2.16 cis@ubuntu2004: 6.2.15 cis@ubuntu2204: 6.2.7 cjis: 5.5.2 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
index 3e6b401ff6d..6afaab79781 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/ensure_shadow_group_empty/rule.yml
@@ -20,10 +20,12 @@ severity: medium
 identifiers:
 cce@sle12: CCE-92213-8
 cce@sle15: CCE-91344-2
+ cce@slmicro5: CCE-94044-5
 references:
 cis@sle12: 6.2.18
 cis@sle15: 6.2.18
+ cis@slmicro5: 6.2.18
 cis@ubuntu2004: 6.2.17
 cis@ubuntu2204: 6.2.4
 pcidss: Req-8.2.1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index e2234963102..cc677e619cb 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -20,6 +20,7 @@ identifiers:
 references:
 cis@sle12: 6.2.14
 cis@sle15: 6.2.14
+ cis@slmicro5: 6.2.14
 cis@ubuntu2004: 6.2.13
 cis@ubuntu2204: 6.2.5
 disa: CCI-000135,CCI-000764,CCI-000804
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
index 3dd65e2fc80..b4657dc65ae 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
@@ -15,10 +15,12 @@ identifiers:
 cce@rhel10: CCE-86908-1
 cce@sle12: CCE-92206-2
 cce@sle15: CCE-91339-2
+ cce@slmicro5: CCE-94047-8
 references:
 cis@sle12: 6.2.15
 cis@sle15: 6.2.15
+ cis@slmicro5: 6.2.15
 cis@ubuntu2004: 6.2.14
 cis@ubuntu2204: 6.2.6
 disa: CCI-000764
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
index 691c7ef89cc..e31a0cd5387 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
@@ -14,10 +14,12 @@ identifiers:
 cce@rhel10: CCE-88449-4
 cce@sle12: CCE-92207-0
 cce@sle15: CCE-91340-0
+ cce@slmicro5: CCE-94046-0
 references:
 cis@sle12: 6.2.17
 cis@sle15: 6.2.17
+ cis@slmicro5: 6.2.17
 cis@ubuntu2004: 6.2.16
 cis@ubuntu2204: 6.2.8
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index 4fd6b372edc..cd2f88ecd5d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -36,6 +36,7 @@ references:
 cis-csc: 1,12,15,16,5
 cis@sle12: 5.4.1.2
 cis@sle15: 5.4.1.2
+ cis@slmicro5: 5.4.1.2
 cis@ubuntu2004: 5.4.1.1
 cis@ubuntu2204: 5.5.1.2
 cjis: 5.6.2.1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index 84fd51d3690..3ae34ae92bc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -35,6 +35,7 @@ references:
 cis-csc: 1,12,15,16,5
 cis@sle12: 5.4.1.3
 cis@sle15: 5.4.1.3
+ cis@slmicro5: 5.4.1.3
 cis@ubuntu2004: 5.4.1.2
 cis@ubuntu2204: 5.5.1.1
 cjis: 5.6.2.1.1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index 70b804ce89c..19d5c5245fc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -28,6 +28,7 @@ identifiers:
 references:
 cis@sle12: 5.4.1.2
 cis@sle15: 5.4.1.2
+ cis@slmicro5: 5.4.1.2
 cis@ubuntu2004: 5.4.1.1
 cis@ubuntu2204: 5.5.1.2
 disa: CCI-004066
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index 43567e34347..9214435a883 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -28,6 +28,7 @@ identifiers:
 references:
 cis@sle12: 5.4.1.3
 cis@sle15: 5.4.1.3
+ cis@slmicro5: 5.4.1.3
 cis@ubuntu2004: 5.4.1.2
 cis@ubuntu2204: 5.5.1.1
 disa: CCI-004066
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
index 55bf2317239..00bc427200c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml @@ -11,8 +11,8 @@ description: |- This profile requirement is {{{ xccdf_value("var_accounts_password_warn_age_login_defs") }}}. rationale: |- - Providing an advance warning that a password will be expiring gives users - time to think of a secure password. Users caught unaware may choose a simple + Providing an advance warning that a password will be expiring gives users + time to think of a secure password. Users caught unaware may choose a simple password or write it down where it may be discovered. severity: medium @@ -23,10 +23,12 @@ identifiers: cce@rhel10: CCE-87604-5 cce@sle12: CCE-92321-9 cce@sle15: CCE-92479-5 + cce@slmicro5: CCE-94043-7 references: cis@sle12: 5.4.1.4 cis@sle15: 5.4.1.4 + cis@slmicro5: 5.4.1.4 disa: CCI-000198 nist: IA-5(f),IA-5(1)(d),CM-6(a) nist@sle15: IA-5(1).1(v) diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml index 4994ff31599..8df20d2530c 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
index 9c2eb3066f8..fbbf92f98dd 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
@@ -23,11 +23,13 @@ identifiers:
 cce@rhel10: CCE-89628-2
 cce@sle12: CCE-92205-4
 cce@sle15: CCE-91335-0
+ cce@slmicro5: CCE-94042-9
 references:
 cis-csc: 1,12,13,14,15,16,18,3,5,7,8
 cis@sle12: 5.4.1.4
 cis@sle15: 5.4.1.4
+ cis@slmicro5: 5.4.1.4
 cis@ubuntu2004: 5.4.1.3
 cis@ubuntu2204: 5.5.1.3
 cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
index a347645ad46..de195f3f283 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
@@ -20,10 +20,12 @@ identifiers:
 cce@rhel10: CCE-86554-3
 cce@sle12: CCE-92322-7
 cce@sle15: CCE-92480-3
+ cce@slmicro5: CCE-94041-1
 references:
 cis@sle12: 5.4.1.5
 cis@sle15: 5.4.1.5
+ cis@slmicro5: 5.4.1.5
 cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
 cui: 3.5.6
 disa: CCI-000017,CCI-000795,CCI-003627,CCI-003628
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
index d9c31d2197b..a30dbd2b99f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed/rule.yml
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel10: CCE-87644-1
 cce@sle12: CCE-91551-2
 cce@sle15: CCE-85846-4
+ cce@slmicro5: CCE-94040-3
 references:
 cis-csc: 1,12,15,16,5
 cis@sle12: 6.2.1
 cis@sle15: 6.2.1
+ cis@slmicro5: 6.2.1
 cis@ubuntu2204: 6.2.1
 cjis: 5.5.2
 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
index b3ce8eb5557..984b4391195 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -34,6 +34,7 @@ identifiers:
 references:
 cis@sle12: 5.4.1.1
 cis@sle15: 5.4.1.1
+ cis@slmicro5: 5.4.1.1
 cis@ubuntu2004: 5.3.4
 disa: CCI-000803,CCI-004062
 nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
index 1791cf04f80..b6741b81bb5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_last_change_is_in_past/rule.yml
@@ -19,10 +19,12 @@ identifiers:
 cce@rhel10: CCE-90359-1
 cce@sle12: CCE-92330-0
 cce@sle15: CCE-92504-0
+ cce@slmicro5: CCE-94039-5
 references:
 cis@sle12: 5.4.1.6
 cis@sle15: 5.4.1.6
+ cis@slmicro5: 5.4.1.6
 cis@ubuntu2004: 5.4.1.5
 cis@ubuntu2204: 5.5.1.5
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
index 76fdb853648..041eb71c9b3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/gid_passwd_group_same/rule.yml
@@ -17,11 +17,13 @@ identifiers:
 cce@rhel10: CCE-87466-9
 cce@sle12: CCE-91552-0
 cce@sle15: CCE-85847-2
+ cce@slmicro5: CCE-94038-7
 references:
 cis-csc: 1,12,15,16,5
 cis@sle12: 6.2.13
 cis@sle15: 6.2.13
+ cis@slmicro5: 6.2.13
 cis@ubuntu2004: 6.2.12
 cis@ubuntu2204: 6.2.3
 cjis: 5.5.2
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
index 411310e1c11..19b07324466 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
@@ -20,10 +20,12 @@ identifiers:
 cce@rhel10: CCE-90050-6
 cce@sle12: CCE-92349-0
 cce@sle15: CCE-92622-0
+ cce@slmicro5: CCE-94037-9
 references:
 cis@sle12: 6.2.9
 cis@sle15: 6.2.9
+ cis@slmicro5: 6.2.9
 cis@ubuntu2004: 6.2.8
 cis@ubuntu2204: 6.2.15
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
index 15b81d4d97e..9bdb8212e2e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
@@ -19,10 +19,12 @@ identifiers:
 cce@rhel9: CCE-83620-5
 cce@sle12: CCE-92286-4
 cce@sle15: CCE-91399-6
+ cce@slmicro5: CCE-94036-1
 references:
 cis@sle12: 6.2.2
 cis@sle15: 6.2.2
+ cis@slmicro5: 6.2.2
 ocil_clause: 'the file contains legacy lines'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
index 7b33c1ac7aa..c5b52e65f55 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
@@ -19,10 +19,12 @@ identifiers:
 cce@rhel9: CCE-83612-2
 cce@sle12: CCE-92289-8
 cce@sle15: CCE-91402-8
+ cce@slmicro5: CCE-94035-3
 references:
 cis@sle12: 6.2.2
 cis@sle15: 6.2.2
+ cis@slmicro5: 6.2.2
 ocil_clause: 'the file contains legacy lines'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_netrc_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_netrc_files/rule.yml
index 3d55e793701..5e0d21fc759 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_netrc_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_netrc_files/rule.yml
@@ -22,11 +22,13 @@ identifiers:
 cce@rhel10: CCE-89147-3
 cce@sle12: CCE-92368-0
 cce@sle15: CCE-92655-0
+ cce@slmicro5: CCE-94034-6
 references:
 cis-csc: 1,11,12,14,15,16,18,3,5
 cis@sle12: 6.2.10
 cis@sle15: 6.2.10
+ cis@slmicro5: 6.2.10
 cis@ubuntu2004: 6.2.9
 cis@ubuntu2204: 6.2.14
 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.06,DSS06.10
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index 3147b3e0d70..bf1f82e2cbf 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -34,6 +34,7 @@ references:
 cis-csc: 1,12,13,14,15,16,18,3,5
 cis@sle12: 6.2.3
 cis@sle15: 6.2.3
+ cis@slmicro5: 6.2.3
 cis@ubuntu2004: 6.2.2
 cis@ubuntu2204: 6.2.10
 cobit5: APO01.06,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.10
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
index 4b8e3310f11..4747ac184a5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/rule.yml
@@ -16,10 +16,12 @@ identifiers:
 cce@rhel10: CCE-90244-5
 cce@sle12: CCE-91635-3
 cce@sle15: CCE-91289-9
+ cce@slmicro5: CCE-94033-8
 references:
 cis@sle12: 5.4.3
 cis@sle15: 5.4.3
+ cis@slmicro5: 5.4.3
 cis@ubuntu2004: 5.4.3
 cis@ubuntu2204: 5.5.3
 pcidss: Req-8.1.1
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml index 888cc054fa2..987fb5d8b2d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh index 7bbfd767543..df4c8338b4b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml index 9b504d70fcf..1c73ef134d0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml 
@@ -23,10 +23,12 @@ identifiers:
 cce@rhel10: CCE-89099-6
 cce@sle12: CCE-92353-2
 cce@sle15: CCE-92528-9
+ cce@slmicro5: CCE-94032-0
 references:
 cis@sle12: '5.6'
 cis@sle15: '5.6'
+ cis@slmicro5: '5.6'
 cis@ubuntu2004: '5.6'
 cis@ubuntu2204: 5.3.7
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
index 97061053bcf..0f3b6edda15 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
@@ -33,11 +33,13 @@ identifiers:
 cce@rhel10: CCE-87481-8
 cce@sle12: CCE-91497-8
 cce@sle15: CCE-91427-5
+ cce@slmicro5: CCE-94031-2
 references:
 cis-csc: 1,12,15,16,5
 cis@sle12: "5.5"
 cis@sle15: "5.5"
+ cis@slmicro5: '5.5'
 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
 cui: 3.1.1,3.1.6
 hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index 94e6e7413b0..bf4c8e9376b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -33,6 +33,7 @@ references:
 cis-csc: 1,12,13,14,15,16,18,3,5,7,8
 cis@sle12: 5.4.2
 cis@sle15: 5.4.2
+ cis@slmicro5: 5.4.2
 cis@ubuntu2004: 5.4.2
 cis@ubuntu2204: 5.5.2
 cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS06.03
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml index 10a747ef223..429a8dcd112 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml index 72fe084dd0c..156e2bcb2eb 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml @@ -23,11 +23,13 @@ identifiers: cce@rhel10: CCE-89376-8 cce@sle12: CCE-92238-5 cce@sle15: CCE-91430-9 + cce@slmicro5: CCE-94030-4 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: "5.5" cis@sle15: "5.5" + cis@slmicro5: '5.5' cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 cui: '3.1.1,3.1.5' disa: CCI-000770 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml index e236b1ec2e1..9bbbb95858e 100644 
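Review bot: The new platform line in securetty_root_login_console_only/ansible/shared.yml enables the Ansible remediation on `multi_platform_slmicro` but still not on `multi_platform_sle`, even though the rule.yml hunk right after it shows the rule already carries sle12/sle15 CCE and CIS 5.5 entries. If SLE was left out on purpose, the same reason may well apply to slmicro5, so please confirm on a slmicro5 host that the remediation leaves the rule passing and root can still log in on the console afterwards. The same line also reorders the existing platforms, which buries the one functional change; keeping the old order and appending `,multi_platform_slmicro` would make the diff self-explanatory. Minor: the rule.yml hunk adds `cis@slmicro5: '5.5'` with single quotes beside `"5.5"` with double quotes, and matching the neighbouring entries would be tidier.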
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh index d16374ffd6a..cb7530b3826 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} PAM_CONF=/etc/pam.d/su diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml index c74eed55b03..2894a0aef00 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml @@ -22,10 +22,12 @@ identifiers: cce@rhel10: CCE-87119-4 cce@sle12: CCE-92351-6 cce@sle15: CCE-92522-2 + cce@slmicro5: CCE-94029-6 references: cis@sle12: '5.6' cis@sle15: '5.6' + cis@slmicro5: '5.6' cis@ubuntu2004: '5.6' cis@ubuntu2204: 5.3.7 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 87d0205fa4b..c787373eadb 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -49,6 +49,7 @@ references:
 cis-csc: 1,12,15,16
 cis@sle12: 5.4.4
 cis@sle15: 5.4.4
+ cis@slmicro5: 5.4.4
 cis@ubuntu2004: 5.4.5
 cis@ubuntu2204: 5.5.5
 cobit5: DSS05.04,DSS05.10,DSS06.10
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index a05675fbf5d..aa2283271ee 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -29,6 +29,7 @@ identifiers:
 references:
 cis@sle12: 6.2.5
 cis@sle15: 6.2.5
+ cis@slmicro5: 6.2.5
 cis@ubuntu2004: 6.2.4
 cis@ubuntu2204: 6.2.11
 disa: CCI-000366
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
index 72dd0b8c092..e04ce08d056 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
@@ -21,10 +21,12 @@ identifiers:
 cce@rhel10: CCE-87460-2
 cce@sle12: CCE-92290-6
 cce@sle15: CCE-91403-6
+ cce@slmicro5: CCE-94028-8
 references:
 cis@sle12: 6.2.6
 cis@sle15: 6.2.6
+ cis@slmicro5: 6.2.6
 disa: CCI-000366
 srg: SRG-OS-000480-GPOS-00227
 stigid@ol7: OL07-00-020680
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
index 98682fbe58c..21db8397f5f 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
@@ -21,10 +21,12 @@ identifiers:
 cce@rhel8: CCE-87369-5
 cce@sle12: CCE-92446-4
 cce@sle15: CCE-92697-2
+ cce@slmicro5: CCE-94027-0
 references:
 cis@sle12: 6.2.11
 cis@sle15: 6.2.11
+ cis@slmicro5: 6.2.11
 ocil_clause: 'the group and world permissions are incorrect'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index e3df0021c91..ddc2943a964 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -26,6 +26,7 @@ identifiers:
 references:
 cis@sle12: 6.2.6
 cis@sle15: 6.2.6
+ cis@slmicro5: 6.2.6
 cis@ubuntu2004: 6.2.5
 cis@ubuntu2204: 6.2.13
 disa: CCI-000366
diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
index 5bfb963a12f..1273e06801c 100644
--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
@@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/rule.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/rule.yml index 75ed471dc12..70c1562804f 100644 --- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/rule.yml @@ -21,11 +21,13 @@ identifiers: cce@rhel10: CCE-88150-8 cce@sle12: CCE-92288-0 cce@sle15: CCE-91401-0 + cce@slmicro5: CCE-94026-2 references: cis-csc: 11,3,9 cis@sle12: 6.2.4 cis@sle15: 6.2.4 + cis@slmicro5: 6.2.4 cis@ubuntu2004: 6.2.3 cis@ubuntu2204: 6.2.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/root_path_no_dot/rule.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/root_path_no_dot/rule.yml index a410f861004..7fe1b84f864 100644 --- a/linux_os/guide/system/accounts/accounts-session/root_paths/root_path_no_dot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/root_paths/root_path_no_dot/rule.yml @@ -25,11 +25,13 @@ identifiers: cce@rhel10: CCE-88793-5 cce@sle12: CCE-92287-2 cce@sle15: CCE-91400-2 + cce@slmicro5: CCE-94025-4 references: cis-csc: 11,3,9 cis@sle12: 6.2.4 cis@sle15: 6.2.4 + cis@slmicro5: 6.2.4 cis@ubuntu2204: 6.2.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 disa: CCI-000366 
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/ansible/shared.yml index 35128171c14..606b06ff555 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/ansible/shared.yml @@ -5,7 +5,7 @@ # disruption = low {{{ ansible_instantiate_variables("var_accounts_user_umask") }}} -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} {{% set etc_bash_rc = "/etc/bash.bashrc" %}} {{% else %}} {{% set etc_bash_rc = "/etc/bashrc" %}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh index 3daeddd696d..81390348e91 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh @@ -2,7 +2,7 @@ {{{ bash_instantiate_variables("var_accounts_user_umask") }}} -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} {{% set etc_bash_rc = "/etc/bash.bashrc" %}} {{% else %}} {{% set etc_bash_rc = "/etc/bashrc" %}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/oval/shared.xml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/oval/shared.xml index dcb601eb30c..39408fa1d33 100644 
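Review bot: The clause `product == 'slmicro5'` added to the `{{% if %}}` line in accounts_umask_etc_bashrc/ansible/shared.yml ties the `/etc/bash.bashrc` choice to a single product version. Any later SL Micro product id would fall through to `/etc/bashrc`, and the umask check and remediation would then presumably act on a file the shell does not read, without any error. The same clause is repeated in bash/shared.sh, oval/shared.xml, rule.yml and the scripts under tests/ for this rule, so every copy has to be kept in step. The Ansible platform header changed elsewhere in this commit already uses `multi_platform_slmicro`, and a substring test would match that: `{{% if 'sle' in product or 'slmicro' in product or 'ubuntu' in product or 'debian' in product %}}`. Whether further SL Micro versions are planned is not visible here, so this guards against a silent miss rather than fixing a current defect.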
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} {{% set etc_bash_rc = "/etc/bash.bashrc" %}} {{% else %}} {{% set etc_bash_rc = "/etc/bashrc" %}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml index f94449e092d..f0f585a720e 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml @@ -3,7 +3,7 @@ documentation_complete: true title: 'Ensure the Default Bash Umask is Set Correctly' -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} {{% set etc_bash_rc = "/etc/bash.bashrc" %}} {{% else %}} {{% set etc_bash_rc = "/etc/bashrc" %}} @@ -29,11 +29,13 @@ identifiers: cce@rhel10: CCE-88580-6 cce@sle12: CCE-91530-6 cce@sle15: CCE-91215-4 + cce@slmicro5: CCE-94023-9 references: cis-csc: '18' cis@sle12: 5.4.5 cis@sle15: 5.4.5 + cis@slmicro5: 5.4.5 cis@ubuntu2004: 5.4.4 cis@ubuntu2204: 5.5.4 cobit5: APO13.01,BAI03.01,BAI03.02,BAI03.03 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/missing.fail.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/missing.fail.sh index 2a8fd6091e2..9fa7dddf59d 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/missing.fail.sh 
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/missing.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/ospp_cis_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/ospp_cis_correct.pass.sh index a199eb4e0dd..56c31f7e8be 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/ospp_cis_correct.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/ospp_cis_correct.pass.sh @@ -2,7 +2,7 @@ # profiles = xccdf_org.ssgproject.content_profile_cis, xccdf_org.ssgproject.content_profile_ospp # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/super_compliant.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/super_compliant.pass.sh index 2780838e364..e12f6020bcd 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/super_compliant.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/super_compliant.pass.sh 
@@ -1,7 +1,7 @@ #!/bin/bash # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5'%}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong.fail.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong.fail.sh index 8f504f2cc59..a6ad7083e59 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_mangled_and_not_at_the_begining_of_line.fail.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_mangled_and_not_at_the_begining_of_line.fail.sh index 1f7fe8618d4..64cd9394df6 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_mangled_and_not_at_the_begining_of_line.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_mangled_and_not_at_the_begining_of_line.fail.sh 
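Review bot: The new condition in tests/super_compliant.pass.sh is written `product == 'slmicro5'%}}`, without the space before the closing delimiter that the other copies of this line have. The hunks for wrong_and_mangled_and_not_at_the_begining_of_line.fail.sh and wrong_and_not_at_the_begining_of_line.fail.sh carry the same spelling. The template should render identically, but a text search for the full condition will miss these three files the next time the product list changes. Write `... or product == 'slmicro5' %}}` in all of them.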
@@ -3,7 +3,7 @@ # This TS is a regression test for https://github.com/ComplianceAsCode/content/issues/11937 -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5'%}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_not_at_the_begining_of_line.fail.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_not_at_the_begining_of_line.fail.sh index 0409731f019..b1efda562c4 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_not_at_the_begining_of_line.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_and_not_at_the_begining_of_line.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5'%}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_multiple.fail.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_multiple.fail.sh index 1b4d00cc868..3a9f47a29fa 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_multiple.fail.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/wrong_multiple.fail.sh 
@@ -1,7 +1,7 @@ #!/bin/bash # packages = bash -{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product %}} +{{% if 'sle' in product or 'ubuntu' in product or 'debian' in product or product == 'slmicro5' %}} etc_bash_rc="/etc/bash.bashrc" {{% else %}} etc_bash_rc="/etc/bashrc" diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml index ba0eed42ee5..223eb3926ef 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml @@ -26,6 +26,7 @@ references: cis-csc: 11,18,3,9 cis@sle12: 5.4.5 cis@sle15: 5.4.5 + cis@slmicro5: 5.4.5 cis@ubuntu2004: 5.4.4 cis@ubuntu2204: 5.5.4 cobit5: APO13.01,BAI03.01,BAI03.02,BAI03.03,BAI10.01,BAI10.02,BAI10.03,BAI10.05 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml index fab5e5e16a6..3a6b2ea703f 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml @@ -25,11 +25,13 @@ identifiers: cce@rhel10: CCE-87651-6 cce@sle12: CCE-91531-4 cce@sle15: CCE-91216-2 + cce@slmicro5: CCE-94024-7 references: cis-csc: '18' cis@sle12: 5.4.5 cis@sle15: 5.4.5 + cis@slmicro5: 5.4.5 cis@ubuntu2004: 5.4.4 cis@ubuntu2204: 5.5.4 cobit5: APO13.01,BAI03.01,BAI03.02,BAI03.03 diff --git a/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml b/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml index 58060fe68b3..ab37536332e 100644 --- a/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml 
+++ b/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml @@ -15,10 +15,12 @@ severity: medium identifiers: cce@sle12: CCE-83225-3 cce@sle15: CCE-85765-6 + cce@slmicro5: CCE-94022-1 references: cis@sle12: 1.7.1.1 cis@sle15: 1.7.1.1 + cis@slmicro5: 1.7.1.1 disa: CCI-001764,CCI-001774,CCI-002165,CCI-002233,CCI-002235 nist: AC-3(4),AC-6(8),AC-6(10),CM-7(5)(b),CM-7(2),SC-7(21),CM-6(a) srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index bed7cba30bc..5c9a0b07154 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -21,11 +21,13 @@ identifiers: cce@rhel10: CCE-88691-1 cce@sle12: CCE-91623-9 cce@sle15: CCE-85849-8 + cce@slmicro5: CCE-94021-3 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 + cis@slmicro5: 1.5.2 cjis: 5.5.2.2 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 cui: 3.4.5 @@ -48,7 +50,7 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }} srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}' -platform: machine +platform: system_with_kernel template: name: file_groupowner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index fada1730e39..0e797faaadd 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml 
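Review bot: The change from `platform: machine` to `platform: system_with_kernel` in the second hunk of file_groupowner_grub2_cfg/rule.yml is not conditional on slmicro5, so it alters applicability for every product that builds this rule. The same edit appears in file_owner_grub2_cfg, file_permissions_grub2_cfg, grub2_password_legacy and grub2_uefi_password, while grub2_password/rule.yml shows only a reference line in this diff. If its platform is still `machine`, the non-UEFI password rule will apply to a different set of systems than its siblings. Where the new platform does not match, these boot loader ownership, permission and password checks will presumably report not applicable rather than fail. Record the reason in the commit message or in a comment above the line, for example `# system_with_kernel: skip targets without an installed kernel (confirm against the platform definition)`, and consider moving the change to its own commit.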
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -19,11 +19,13 @@ identifiers: cce@rhel10: CCE-89438-6 cce@sle12: CCE-91624-7 cce@sle15: CCE-85848-0 + cce@slmicro5: CCE-94020-5 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 + cis@slmicro5: 1.5.2 cis@ubuntu2004: 1.5.2 cis@ubuntu2204: 1.4.2 cjis: 5.5.2.2 @@ -44,7 +46,7 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", own ocil: |- {{{ ocil_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}} -platform: machine +platform: system_with_kernel template: name: file_owner diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index 582ff8e50f5..08a379d1712 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -19,11 +19,13 @@ identifiers: cce@rhel10: CCE-89290-1 cce@sle12: CCE-92216-1 cce@sle15: CCE-91426-7 + cce@slmicro5: CCE-94019-7 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.5.2 cis@sle15: 1.5.2 + cis@slmicro5: 1.5.2 cis@ubuntu2004: 1.5.2 cis@ubuntu2204: 1.4.2 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 @@ -44,7 +46,7 @@ ocil: |- If properly configured, the output should indicate the following permissions: -rw------- -platform: machine +platform: system_with_kernel template: name: file_permissions diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml index c58c5f22635..bb7ceedc8f8 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml 
@@ -50,6 +50,7 @@ references: cis-csc: 1,11,12,14,15,16,18,3,5 cis@sle12: 1.5.1 cis@sle15: 1.5.1 + cis@slmicro5: 1.5.1 cis@ubuntu2004: 1.5.1 cis@ubuntu2204: 1.4.1 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.06,DSS06.10 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml index 76862329c91..e492a98fa3f 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml @@ -51,4 +51,4 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine +platform: system_with_kernel diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml index 2d7597eb225..4cf5ee4725c 100644 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml @@ -51,6 +51,7 @@ references: cis-csc: 11,12,14,15,16,18,3,5 cis@sle12: 1.5.1 cis@sle15: 1.5.1 + cis@slmicro5: 1.5.1 cis@ubuntu2004: 1.5.1 cis@ubuntu2204: 1.4.1 cobit5: DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.03,DSS06.06 @@ -92,7 +93,7 @@ warnings: Also, do NOT manually add the superuser account and password to the grub.cfg file as the grub2-mkconfig command overwrites this file. -platform: machine +platform: system_with_kernel fixtext: |- Configure {{{ full_name }}} to use a secure UEFI boot loader password. diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml index 7eafd360bbc..eb2c4efd724 100644 --- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml 
+++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel10: CCE-87639-1 cce@sle12: CCE-92261-7 cce@sle15: CCE-91377-2 + cce@slmicro5: CCE-94018-9 references: cis@sle12: 4.2.2.2 cis@sle15: 4.2.2.2 + cis@slmicro5: 4.2.2.2 cis@ubuntu2004: 4.2.2.2 cis@ubuntu2204: 4.2.1.3 diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml index e0fab4b2422..03597a1e8f3 100644 --- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel9: CCE-85996-7 cce@sle12: CCE-92260-9 cce@sle15: CCE-91376-4 + cce@slmicro5: CCE-94017-1 references: cis@sle12: 4.2.2.1 cis@sle15: 4.2.2.1 + cis@slmicro5: 4.2.2.1 cis@ubuntu2004: 4.2.2.1 ocil_clause: 'is commented out or not configured correctly' diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml index d13ef07c9a4..2ea267ae5c2 100644 --- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml +++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-90077-9 cce@sle12: CCE-92262-5 cce@sle15: CCE-91378-0 + cce@slmicro5: CCE-94016-3 references: cis@sle12: 4.2.2.3 cis@sle15: 4.2.2.3 + cis@slmicro5: 4.2.2.3 cis@ubuntu2004: 4.2.2.3 cis@ubuntu2204: 4.2.1.4 diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/ansible/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/ansible/shared.yml index 85d26a204eb..41d2aa7fa75 100644 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/ansible/shared.yml +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/ansible/shared.yml 
@@ -18,7 +18,7 @@ regexp: '^[\s]*(weekly|monthly|yearly)$' state: absent -{{% if 'sle' in product %}} +{{% if 'sle' in product or product == 'slmicro5' %}} - name: Enable timer logrotate systemd: name: "logrotate.timer" diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh index f7b052b3e21..0d11f0dca20 100644 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/bash/shared.sh @@ -1,7 +1,7 @@ # platform = multi_platform_all LOGROTATE_CONF_FILE="/etc/logrotate.conf" -{{% if 'sle' in product %}} +{{% if 'sle' in product or product == 'slmicro5' %}} SYSTEMCTL_EXEC='/usr/bin/systemctl' {{% else %}} {{{ bash_package_install("crontabs") }}} @@ -14,7 +14,7 @@ grep -q "^daily$" $LOGROTATE_CONF_FILE|| echo "daily" >> $LOGROTATE_CONF_FILE # remove any line configuring weekly, monthly or yearly rotation sed -i '/^\s*\(weekly\|monthly\|yearly\).*$/d' $LOGROTATE_CONF_FILE -{{% if 'sle' in product %}} +{{% if 'sle' in product or product == 'slmicro5' %}} # enable logrotate timer service "$SYSTEMCTL_EXEC" unmask 'logrotate.timer' "$SYSTEMCTL_EXEC" start 'logrotate.timer' diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml index b4cb3fbadc6..82b0d0651d8 100644 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml @@ -11,7 +11,7 @@ test_ref="test_logrotate_conf_no_other_keyword" /> -{{% if product in ["rhcos4", "rhel9", "rhel10", "sle12", "sle15", "ol9"] %}} +{{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "sle12", "sle15", "slmicro5"] %}} {{% endif %}} 
@@ -54,7 +54,7 @@ 1 -{{% if product in ["rhcos4", "rhel9", "rhel10", "sle12", "sle15", "ol9"] %}} + {{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "sle12", "sle15", "slmicro5"] %}} diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml index d905b58277c..20059167127 100644 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/rule.yml @@ -26,11 +26,13 @@ identifiers: cce@rhel10: CCE-88779-4 cce@sle12: CCE-91511-6 cce@sle15: CCE-85850-6 + cce@slmicro5: CCE-94014-8 references: cis-csc: 1,14,15,16,3,5,6 cis@sle12: "4.2.4" cis@sle15: "4.2.4" + cis@slmicro5: 4.2.4 cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01 disa: CCI-000366 isa-62443-2009: 4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4 diff --git a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml index 102c18b2a67..079fa03db6e 100644 --- a/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml +++ b/linux_os/guide/system/logging/log_rotation/package_logrotate_installed/rule.yml @@ -15,11 +15,13 @@ identifiers: cce@rhel10: CCE-88423-9 cce@sle12: CCE-92386-2 cce@sle15: CCE-92561-0 + cce@slmicro5: CCE-94015-5 references: cis-csc: 1,14,15,16,3,5,6 cis@sle12: "4.2.4" cis@sle15: "4.2.4" + cis@slmicro5: 4.2.4 cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01 disa: CCI-000366 isa-62443-2009: 4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4 diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml index ef3415b6a7b..ef960d4ab74 100644 --- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml 
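Review bot: The added reference `cis@slmicro5: 4.2.4` in ensure_logrotate_activated/rule.yml is a plain scalar, while the two lines directly above it quote the same value (`cis@sle12: "4.2.4"`). Write `cis@slmicro5: "4.2.4"` to match; the same applies to the added line in package_logrotate_installed/rule.yml and timer_logrotate_enabled/rule.yml. A value with two dots loads as a string either way, so this is a consistency point only. Quoting section numbers uniformly also keeps a two-part number from being read as a float.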
+++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-87463-6 cce@sle12: CCE-92401-9 cce@sle15: CCE-92585-9 + cce@slmicro5: CCE-94013-0 references: cis-csc: 1,14,15,16,3,5,6 cis@sle12: "4.2.4" cis@sle15: "4.2.4" + cis@slmicro5: 4.2.4 cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01 disa: CCI-000366 isa-62443-2009: 4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml index c18b89c9eef..c1bec3fa3d5 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml @@ -18,9 +18,11 @@ identifiers: cce@rhel8: CCE-86506-3 cce@rhel9: CCE-86507-1 cce@sle15: CCE-92470-4 + cce@slmicro5: CCE-94012-2 references: cis@sle15: 3.5.2.1 + cis@slmicro5: 3.5.2.1 disa: CCI-002385 nist: SC-5 srg: SRG-OS-000420-GPOS-00186 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml index 13ab7604067..6f7cc146261 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml @@ -25,9 +25,11 @@ identifiers: cce@rhel10: CCE-88164-9 cce@sle12: CCE-91461-4 cce@sle15: CCE-85698-9 + cce@slmicro5: CCE-94010-6 references: cis@sle15: 3.5.1.1 + cis@slmicro5: 3.5.1.1 disa: CCI-000382,CCI-000366,CCI-002314,CCI-002322 nist: CM-6(a) nist@sle15: CM-7,CM-7.1(iii),CM-7(b),AC-17(1) 
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml index d52baffd9f2..6f0bf8b41ed 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml @@ -27,6 +27,7 @@ identifiers: references: cis-csc: 11,3,9 cis@sle15: 3.5.1.3 + cis@slmicro5: 3.5.1.3 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 cui: 3.1.3,3.4.7 disa: CCI-000382,CCI-000366,CCI-002314 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/package_firewalld_removed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/package_firewalld_removed/rule.yml index 903745f610d..c2970f30da1 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/package_firewalld_removed/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/package_firewalld_removed/rule.yml @@ -19,9 +19,11 @@ severity: medium identifiers: cce@sle15: CCE-92471-2 + cce@slmicro5: CCE-94008-0 references: cis@sle15: 3.5.2.2,3.5.3.1.3 + cis@slmicro5: 3.5.2.2,3.5.3.1.3 {{{ complete_ocil_entry_package(package="firewalld") }}} diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/service_firewalld_disabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/service_firewalld_disabled/rule.yml index ddd6190a0d3..cc6f5f3cb76 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/service_firewalld_disabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/firewalld_deactivation/service_firewalld_disabled/rule.yml 
@@ -12,7 +12,7 @@ description: |- {{{ describe_service_disable(service="firewalld") }}} rationale: |- - Running Firewalld along other service with the same functionality may lead to conflict + Running Firewalld along other service with the same functionality may lead to conflict and unexpected results. severity: medium @@ -21,10 +21,11 @@ platform: package[firewalld] identifiers: cce@sle15: CCE-92472-0 + cce@slmicro5: CCE-94007-2 references: cis@sle15: 3.5.2.2,3.5.3.1.3 - + cis@slmicro5: 3.5.2.2,3.5.3.1.3 ocil_clause: |- {{{ ocil_clause_service_disabled(service="firewalld") }}} diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml index 0ea52afd994..6c2b02d72f5 100644 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml @@ -26,10 +26,12 @@ identifiers: cce@rhel9: CCE-84023-1 cce@rhel10: CCE-87823-1 cce@sle15: CCE-91410-1 + cce@slmicro5: CCE-94009-8 references: cis-csc: 11,14,3,9 cis@sle15: 3.5.1.4 + cis@slmicro5: 3.5.1.4 cjis: 5.10.1 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 cui: 3.1.3,3.4.7,3.13.6 diff --git a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml index b6efe71aa27..ddc53494c3a 100644 --- a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml +++ b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml 
@@ -5,8 +5,8 @@ title: 'Ensure Unnecessary Services and Ports Are Not Accepted' description: |- Services and ports can be accepted or explicitly rejected or dropped by a zone. - For every zone, a default behavior can be set that handles incoming traffic that - is not further specified. Such behavior is defined by setting the target of the zone. + For every zone, a default behavior can be set that handles incoming traffic that + is not further specified. Such behavior is defined by setting the target of the zone. The possible options are: - ACCEPT - accepts all incoming packets except those disabled by a specific rule. - REJECT - disables all incoming packets except those that have been allowed in @@ -24,18 +24,20 @@ platform: package[firewalld] identifiers: cce@sle15: CCE-92552-9 + cce@slmicro5: CCE-94011-4 references: cis@sle15: 3.5.1.6 + cis@slmicro5: 3.5.1.6 ocil_clause: 'the system accepts incoming packets for unnecessary services and ports' ocil: |- - To review and to ensure that listed services and ports follow site policy run the - following command: + To review and to ensure that listed services and ports follow site policy run the + following command:
    $ sudo firewall-cmd --get-active-zones | awk '!/:/ {print $1}' | while read ZN; do
         firewall-cmd --list-all --zone=$ZN; done
    - To remove an unnecessary service, run the following command: + To remove an unnecessary service, run the following command:
    $ sudo firewall-cmd --remove-service=
    To remove an unnecessary port, run the following command:
    $ sudo firewall-cmd --remove-port=/
    diff --git a/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml b/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml index 89a7dd08709..c5f8559ab97 100644 --- a/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml +++ b/linux_os/guide/system/network/network-iptables/ensure_iptables_are_flushed/rule.yml @@ -7,8 +7,8 @@ description: |- nftables is a replacement for iptables, ip6tables, ebtables and arptables rationale: |- - It is possible to mix iptables and nftables. However, this increases complexity - and also the chance to introduce errors. For simplicity flush out all iptables + It is possible to mix iptables and nftables. However, this increases complexity + and also the chance to introduce errors. For simplicity flush out all iptables rules, and ensure it is not loaded. severity: medium @@ -17,20 +17,22 @@ platform: package[iptables] identifiers: cce@sle15: CCE-92523-0 + cce@slmicro5: CCE-94005-6 references: cis@sle15: 3.5.2.3 + cis@slmicro5: 3.5.2.3 ocil_clause: 'Your system is configured to use nftables, but iptables rules exist on it' ocil: |- - To verify that on your system not iptables rules exist, and no rules will be returned + To verify that on your system not iptables rules exist, and no rules will be returned run the following command:
    $ sudo iptables -L
    - and/or to verify that on your system not ip6tables rules exist, and no rules will be + and/or to verify that on your system not ip6tables rules exist, and no rules will be returned run:
    $ sudo ip6tables -L
    To flush iptables run the following command:
    $ sudo iptables -F
    and/or to flush ip6tbales run: -
    $ sudo ip6tables -F
    +
    $ sudo ip6tables -F
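Review bot: The `ocil` text in the ensure_iptables_are_flushed hunk is re-added for whitespace only and still reads `not iptables rules exist` and `not ip6tables rules exist`, and the unchanged line just below spells the tool `ip6tbales`. Since these lines are already being rewritten, the wording could be fixed in the same pass, for example `To verify that no iptables rules exist on your system, run the following command:` and `and/or to flush ip6tables run:`. This text is the manual check shown to whoever audits the host, so the command name should match the binary they have to run.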
    diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml index b109b97192d..14cbf9801fa 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/service_iptables_enabled/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel9: CCE-85962-9 cce@sle12: CCE-92317-7 cce@sle15: CCE-92475-3 + cce@slmicro5: CCE-94004-9 references: cis-csc: 1,11,12,13,14,15,16,18,3,4,6,8,9 cis@sle12: 3.5.1.1 cis@sle15: 3.5.3.1.1 + cis@slmicro5: 3.5.3.1.1 cobit5: APO01.06,APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06 isa-62443-2009: 4.2.3.4,4.3.3.4,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.4.3.3 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 7.1,SR 7.6' diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml index 16a647581be..c056938d54c 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ip6tables_default_rule/rule.yml 
@@ -32,11 +32,13 @@ identifiers: cce@rhel10: CCE-86740-8 cce@sle12: CCE-91648-6 cce@sle15: CCE-91342-6 + cce@slmicro5: CCE-94003-1 references: cis-csc: 11,14,3,9 cis@sle12: 3.5.3.4 cis@sle15: 3.5.3.3.1 + cis@slmicro5: 3.5.3.3.1 cis@ubuntu2004: 3.5.3.3.1 cis@ubuntu2204: 3.5.3.3.1 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml index 0b732522102..0a28ea58855 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml @@ -22,10 +22,12 @@ platform: not package[nftables] and not package[ufw] and package[iptables] identifiers: cce@sle12: CCE-92215-3 cce@sle15: CCE-91346-7 + cce@slmicro5: CCE-94002-3 references: cis@sle12: 3.5.3.1 cis@sle15: 3.5.3.3.2 + cis@slmicro5: 3.5.3.3.2 cis@ubuntu2004: 3.5.3.3.2 cis@ubuntu2204: 3.5.3.3.2 pcidss: Req-1.3 diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml index dd6270d4634..34db3ae1e72 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml @@ -22,10 +22,12 @@ platform: not package[nftables] and not package[ufw] and package[iptables] identifiers: cce@sle12: CCE-92214-6 cce@sle15: CCE-91345-9 + cce@slmicro5: CCE-94001-5 references: cis@sle12: 3.5.2.1 cis@sle15: 3.5.3.2.2 + cis@slmicro5: 3.5.3.2.2 cis@ubuntu2004: 3.5.3.2.2 cis@ubuntu2204: 3.5.3.2.2 pcidss: Req-1.3 
diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml index 6849136bbd7..f194da365cd 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml @@ -25,11 +25,13 @@ identifiers: cce@rhel9: CCE-85969-4 cce@sle12: CCE-92333-4 cce@sle15: CCE-92494-4 + cce@slmicro5: CCE-94000-7 references: cis-csc: 11,14,3,9 cis@sle12: 3.5.3.2.1 cis@sle15: 3.5.3.2.1 + cis@slmicro5: 3.5.3.2.1 cis@ubuntu2004: 3.5.3.2.1 cis@ubuntu2204: 3.5.3.2.1 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule_forward/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule_forward/rule.yml index b6ea28e977e..7ef0be1d7d9 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule_forward/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule_forward/rule.yml 
@@ -21,10 +21,12 @@ severity: medium identifiers: cce@sle15: CCE-92483-7 + cce@slmicro5: CCE-93999-1 references: cis-csc: 11,14,3,9 cis@sle15: 3.5.3.2.1 + cis@slmicro5: 3.5.3.2.1 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6' diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml index 38f5682a138..e03bbe9b8db 100644 --- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml +++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml @@ -15,10 +15,12 @@ severity: medium identifiers: cce@sle12: CCE-92343-3 cce@sle15: CCE-92531-3 + cce@slmicro5: CCE-93998-3 references: cis@sle12: 3.5.2.2,3.5.3.2 cis@sle15: 3.5.3.2.3,3.5.3.3.3 + cis@slmicro5: 3.5.3.2.3,3.5.3.3.3 ocil_clause: 'there are no rules configuring outbound or established connections' diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml index b3bd7d69c97..aa83b94e350 100644 --- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml +++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml 
@@ -20,10 +20,12 @@ identifiers: cce@rhel8: CCE-82982-0 cce@sle12: CCE-91549-6 cce@sle15: CCE-91244-4 + cce@slmicro5: CCE-94006-4 references: cis@sle12: 3.5.1.1 cis@sle15: 3.5.3.1.1 + cis@slmicro5: 3.5.3.1.1 cis@ubuntu2004: 3.5.3.1.1 cis@ubuntu2204: 3.5.3.1.1 nist: CM-6(a) diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml index b361549d1a7..828c4a36ed1 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-88665-5 cce@sle12: CCE-92315-1 cce@sle15: CCE-92473-8 + cce@slmicro5: CCE-93995-9 references: cis-csc: 11,14,3,9 cis@sle12: 3.3.9 cis@sle15: 3.3.9 + cis@slmicro5: 3.3.9 cis@ubuntu2004: 3.3.9 cis@ubuntu2204: 3.3.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml index 4e7c5be44f8..fbe90dd6171 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml @@ -22,6 +22,7 @@ references: cis-csc: 11,14,3,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 + cis@slmicro5: 3.3.2 cis@ubuntu2004: 3.3.2 cis@ubuntu2204: 3.3.2 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml index bab3ff393f5..70f3f6e3e48 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml @@ -30,6 +30,7 @@ references: cis-csc: 1,12,13,14,15,16,18,4,6,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 + cis@slmicro5: 3.3.1 cis@ubuntu2004: 3.3.1 cis@ubuntu2204: 3.3.1 cobit5: APO01.06,APO13.01,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml index b9cde5e5851..ad75ea33116 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml @@ -24,6 +24,7 @@ references: cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.2.1 cis@sle15: 3.2.1 + cis@slmicro5: 3.2.1 cis@ubuntu2004: 3.2.2 cis@ubuntu2204: 3.2.2 cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07,DSS06.06 @@ -60,4 +61,4 @@ template: datatype: int {{% if "openeuler" in product or "kylinserver" in product %}} missing_parameter_pass: 'true' -{{% endif %}} +{{% endif %}} diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml index a3164b1b1bd..cd8d1b6d11b 100644 
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-90557-0 cce@sle12: CCE-92316-9 cce@sle15: CCE-92474-6 + cce@slmicro5: CCE-93994-2 references: cis-csc: 11,14,3,9 cis@sle12: 3.3.9 cis@sle15: 3.3.9 + cis@slmicro5: 3.3.9 cis@ubuntu2004: 3.3.9 cis@ubuntu2204: 3.3.9 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml index a5b2f2c1aa8..eee34c1fb24 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml @@ -22,6 +22,7 @@ references: cis-csc: 11,14,3,9 cis@sle12: 3.3.2 cis@sle15: 3.3.2 + cis@slmicro5: 3.3.2 cis@ubuntu2004: 3.3.2 cis@ubuntu2204: 3.3.2 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml index c46cdcfeaac..5769dbd055f 100644 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml 
@@ -30,6 +30,7 @@ references: cis-csc: 1,12,13,14,15,16,18,4,6,8,9 cis@sle12: 3.3.1 cis@sle15: 3.3.1 + cis@slmicro5: 3.3.1 cis@ubuntu2004: 3.3.1 cis@ubuntu2204: 3.3.1 cobit5: APO01.06,APO13.01,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.07,DSS06.02 @@ -64,4 +65,4 @@ template: datatype: int {{% if "openeuler" in product or "kylinserver" in product %}} missing_parameter_pass: 'true' -{{% endif %}} +{{% endif %}} diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml index 1316099ce37..1ddfff1f315 100644 --- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml @@ -19,10 +19,12 @@ identifiers: cce@rhel8: CCE-82887-1 cce@sle12: CCE-91548-8 cce@sle15: CCE-91240-2 + cce@slmicro5: CCE-93997-5 references: cis@sle12: 3.1.1 cis@sle15: 3.1.1 + cis@slmicro5: 3.1.1 pcidss: Req-1.3.1,Req-1.3.2 ocil_clause: 'IPv6 is not disabled' diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml index a209b4bb92e..002af0f343d 100644 --- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml +++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml @@ -20,11 +20,13 @@ identifiers: cce@rhel9: CCE-86215-1 cce@sle12: CCE-92359-9 cce@sle15: CCE-92496-9 + cce@slmicro5: CCE-93996-7 references: cis-csc: 11,14,3,9 cis@sle12: 3.1.1 cis@sle15: 3.1.1 + cis@slmicro5: 3.1.1 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 cui: 3.1.20 disa: CCI-001551 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 6367ef8eac6..df7f490e8a7 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -29,6 +29,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
 cis@sle12: 3.3.2
 cis@sle15: 3.3.2
+ cis@slmicro5: 3.3.2
 cis@ubuntu2004: 3.3.2
 cis@ubuntu2204: 3.3.2
 cjis: 5.10.1.1
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index 97ceccc1fa3..c961e0c3b6a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -30,6 +30,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.1
 cis@sle15: 3.3.1
+ cis@slmicro5: 3.3.1
 cis@ubuntu2004: 3.3.1
 cis@ubuntu2204: 3.3.1
 cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
index ad5c3564e87..6da7fd0679c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
@@ -20,11 +20,13 @@ identifiers:
 cce@rhel10: CCE-89499-8
 cce@sle12: CCE-91537-1
 cce@sle15: CCE-91222-0
+ cce@slmicro5: CCE-93993-4
 references:
 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
 cis@sle12: 3.3.4
 cis@sle15: 3.3.4
+ cis@slmicro5: 3.3.4
 cis@ubuntu2004: 3.3.4
 cis@ubuntu2204: 3.3.4
 cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.04,DSS03.05,DSS05.02,DSS05.03,DSS05.05,DSS05.07,DSS06.06
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index 9a76b723ef8..40c6dceaa6f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel10: CCE-88689-5
 cce@sle12: CCE-91533-0
 cce@sle15: CCE-91218-8
+ cce@slmicro5: CCE-93992-6
 references:
 cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9
 cis@sle12: 3.3.7
 cis@sle15: 3.3.7
+ cis@slmicro5: 3.3.7
 cis@ubuntu2004: 3.3.7
 cis@ubuntu2204: 3.3.7
 cobit5: APO01.06,APO13.01,BAI04.04,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.07,DSS06.02
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index 0c9ac92e882..d49af956428 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -19,11 +19,13 @@ identifiers:
 cce@rhel10: CCE-87848-8
 cce@sle12: CCE-91535-5
 cce@sle15: CCE-91220-4
+ cce@slmicro5: CCE-93991-8
 references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.3
 cis@sle15: 3.3.3
+ cis@slmicro5: 3.3.3
 cis@ubuntu2004: 3.3.3
 cis@ubuntu2204: 3.3.3
 cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 8f2b53aa8aa..510267791fd 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -28,6 +28,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.3
 cis@sle15: 3.3.3
+ cis@slmicro5: 3.3.3
 cis@ubuntu2004: 3.3.2
 cis@ubuntu2204: 3.3.2
 cjis: 5.10.1.1
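Review bot: The added `cis@slmicro5: 3.3.3` on sysctl_net_ipv4_conf_default_accept_redirects looks cross-mapped with the secure-redirects control. The sibling all_accept_redirects rule is tagged 3.3.2, all_secure_redirects is tagged 3.3.3, and the ubuntu2004/ubuntu2204 lines in this same hunk use 3.3.2. The hunk for sysctl_net_ipv4_conf_default_secure_redirects is the mirror image, with `cis@slmicro5: 3.3.2` next to ubuntu 3.3.3. Both new lines appear to copy the existing sle12/sle15 values, so the swap may be inherited rather than intended. Please check the section titles in the SLE Micro 5 benchmark and, if confirmed, use `cis@slmicro5: 3.3.2` here and `cis@slmicro5: 3.3.3` on default_secure_redirects, so that scan results and audit evidence point at the right control.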
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index bac36aac5e5..f8c615f971f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -30,6 +30,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.1
 cis@sle15: 3.3.1
+ cis@slmicro5: 3.3.1
 cis@ubuntu2004: 3.3.1
 cis@ubuntu2204: 3.3.1
 cjis: 5.10.1.1
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
index 58549208a69..1f4927ee767 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -20,11 +20,13 @@ identifiers:
 cce@rhel10: CCE-87672-2
 cce@sle12: CCE-92323-5
 cce@sle15: CCE-92482-9
+ cce@slmicro5: CCE-93990-0
 references:
 cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
 cis@sle12: 3.3.4
 cis@sle15: 3.3.4
+ cis@slmicro5: 3.3.4
 cis@ubuntu2004: 3.3.4
 cis@ubuntu2204: 3.3.4
 cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.04,DSS03.05,DSS05.02,DSS05.03,DSS05.05,DSS05.07,DSS06.06
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
index dd93cbae8a3..8fe0a5d35ac 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel10: CCE-87424-8
 cce@sle12: CCE-91534-8
 cce@sle15: CCE-91219-6
+ cce@slmicro5: CCE-93989-2
 references:
 cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9
 cis@sle12: 3.3.7
 cis@sle15: 3.3.7
+ cis@slmicro5: 3.3.7
 cis@ubuntu2004: 3.3.7
 cis@ubuntu2204: 3.3.7
 cobit5: APO01.06,APO13.01,BAI04.04,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.07,DSS06.02
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
index 679d03989a3..b7d95b31fed 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -19,11 +19,13 @@ identifiers:
 cce@rhel10: CCE-87878-5
 cce@sle12: CCE-91536-3
 cce@sle15: CCE-91221-2
+ cce@slmicro5: CCE-93988-4
 references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.2
 cis@sle15: 3.3.2
+ cis@slmicro5: 3.3.2
 cis@ubuntu2004: 3.3.3
 cis@ubuntu2204: 3.3.3
 cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index 7fa90e1eb83..994d5b677fd 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel10: CCE-86918-0
 cce@sle12: CCE-83080-2
 cce@sle15: CCE-91243-6
+ cce@slmicro5: CCE-93987-6
 references:
 cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
 cis@sle12: 3.3.5
 cis@sle15: 3.3.5
+ cis@slmicro5: 3.3.5
 cis@ubuntu2004: 3.3.5
 cis@ubuntu2204: 3.3.5
 cjis: 5.10.1.1
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index 916b8a8c129..92b8e1a660f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -18,11 +18,13 @@ identifiers: cce@rhel10: CCE-87841-3 cce@sle12: CCE-91539-7 cce@sle15: CCE-91224-6 + cce@slmicro5: CCE-93986-8 references: cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.3.6 cis@sle15: 3.3.6 + cis@slmicro5: 3.3.6 cis@ubuntu2004: 3.3.6 cis@ubuntu2204: 3.3.6 cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07,DSS06.06 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml index 6592a13bb7c..978be3669f8 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml @@ -28,6 +28,7 @@ references: cis-csc: 1,12,13,14,15,16,18,2,4,6,7,8,9 cis@sle12: 3.3.8 cis@sle15: 3.3.8 + cis@slmicro5: 3.3.8 cis@ubuntu2004: 3.3.8 cis@ubuntu2204: 3.3.8 cjis: 5.10.1.1 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml index e0286fee8c7..5568a6bf3d9 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml @@ -27,6 +27,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.2.2 cis@sle15: 3.2.2 + cis@slmicro5: 3.2.2 cis@ubuntu2004: 3.2.1 cis@ubuntu2204: 3.2.1 cjis: 5.10.1.1 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml index 5d3bbd88383..1d18537ffa7 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml @@ -27,6 +27,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 cis@sle12: 3.2.2 cis@sle15: 3.2.2 + cis@slmicro5: 3.2.2 cis@ubuntu2004: 3.2.1 cis@ubuntu2204: 3.2.1 cjis: 5.10.1.1 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml index d5cc1362fc0..5daca61dcae 100644 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml @@ -25,6 +25,7 @@ references: cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 cis@sle12: 3.2.1 cis@sle15: 3.2.1 + cis@slmicro5: 3.2.1 cis@ubuntu2004: 3.2.2 cis@ubuntu2204: 3.2.2 cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07,DSS06.06 diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml index f4d780bdd5f..6bb268a4a98 100644 --- a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml +++ b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml 
@@ -28,9 +28,11 @@ platform: package[nftables] and service_disabled[firewalld] and service_disabled identifiers: cce@sle15: CCE-92507-3 + cce@slmicro5: CCE-93981-9 references: cis@sle15: 3.5.2.8 + cis@slmicro5: 3.5.2.8 cis@ubuntu2004: 3.5.2.8 cis@ubuntu2204: 3.5.2.8 diff --git a/linux_os/guide/system/network/network-nftables/nftables_rules_permanent/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_rules_permanent/rule.yml index c0d61ce7d35..4c6ed32b255 100644 --- a/linux_os/guide/system/network/network-nftables/nftables_rules_permanent/rule.yml +++ b/linux_os/guide/system/network/network-nftables/nftables_rules_permanent/rule.yml @@ -20,9 +20,11 @@ platform: package[nftables] and service_disabled[firewalld] identifiers: cce@sle15: CCE-92485-2 + cce@slmicro5: CCE-93980-1 references: cis@sle15: 3.5.2.10 + cis@slmicro5: 3.5.2.10 cis@ubuntu2004: 3.5.2.10 cis@ubuntu2204: 3.5.2.10 diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml index 79ed8148888..d54541261b0 100644 --- a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml +++ b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml @@ -22,9 +22,11 @@ identifiers: cce@rhel9: CCE-86378-7 cce@rhel10: CCE-87358-8 cce@sle15: CCE-92469-6 + cce@slmicro5: CCE-93985-0 references: cis@sle15: 3.5.2.1 + cis@slmicro5: 3.5.2.1 cis@ubuntu2004: 3.5.2.1 cis@ubuntu2204: 3.5.2.1 diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_removed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_removed/rule.yml index d96fb48a328..5836583556d 100644 --- a/linux_os/guide/system/network/network-nftables/package_nftables_removed/rule.yml +++ b/linux_os/guide/system/network/network-nftables/package_nftables_removed/rule.yml 
@@ -15,9 +15,11 @@ severity: medium identifiers: cce@sle15: CCE-92518-0 + cce@slmicro5: CCE-93984-3 references: cis@sle15: 3.5.1.2,3.5.3.1.2 + cis@slmicro5: 3.5.1.2,3.5.3.1.2 cis@ubuntu2004: 3.5.3.1.2 cis@ubuntu2204: 3.5.3.1.2 diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml index 23c29a26d98..b7300ac92bd 100644 --- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml +++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml @@ -20,9 +20,11 @@ identifiers: cce@rhel9: CCE-88429-6 cce@rhel10: CCE-88523-6 cce@sle15: CCE-92529-7 + cce@slmicro5: CCE-93982-7 references: cis@sle15: 3.5.1.2 + cis@slmicro5: 3.5.1.2 cis@ubuntu2004: 3.5.3.1.2 cis@ubuntu2204: 3.5.3.1.2 diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml index 9b03158f3d9..10b1027f20c 100644 --- a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml +++ b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml @@ -18,9 +18,11 @@ severity: medium identifiers: cce@rhel8: CCE-86725-9 cce@sle15: CCE-92560-2 + cce@slmicro5: CCE-93983-5 references: cis@sle15: 3.5.2.9 + cis@slmicro5: 3.5.2.9 cis@ubuntu2004: 3.5.2.9 cis@ubuntu2204: 3.5.2.9 diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml index ea37d1611b2..96f0d7e651a 100644 --- a/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml +++ b/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml 
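Review bot: The added `cis@slmicro5: 3.5.1.2,3.5.3.1.2` on package_nftables_removed conflicts with the slmicro5 references on package_nftables_installed (3.5.2.1) and service_nftables_enabled (3.5.2.9) in the neighbouring hunks, because these rules cannot all pass on one host. Several other nftables rules in this diff show a `platform: package[nftables] ...` guard in their hunk headers, but nothing visible here restricts this rule to systems that chose a different firewall. I would add a comment above the new line, `# applies only when nftables is not the selected firewall backend`, and check that the control file does not select both the install and the remove rule at the same level. The rest of the rule file, including any platform line, is outside the hunk.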
@@ -20,9 +20,11 @@ platform: package[nftables] identifiers: cce@sle15: CCE-92578-4 + cce@slmicro5: CCE-93979-3 references: cis@sle15: 3.5.2.5 + cis@slmicro5: 3.5.2.5 cis@ubuntu2004: 3.5.2.5 cis@ubuntu2204: 3.5.2.5 diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml index c47a7cf2307..6a9e915f5f1 100644 --- a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml +++ b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml @@ -21,9 +21,11 @@ platform: package[nftables] and service_disabled[firewalld] identifiers: cce@sle15: CCE-92481-1 + cce@slmicro5: CCE-93978-5 references: cis@sle15: 3.5.2.6 + cis@slmicro5: 3.5.2.6 cis@ubuntu2004: 3.5.2.6 cis@ubuntu2204: 3.5.2.6 pcidss: Req-1.4.1 diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml index 2e5d31234d5..12b7b165634 100644 --- a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml +++ b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml @@ -7,16 +7,18 @@ description: |- Configure the nftables firewall rules for new outbound and established connections rationale: |- - If rules are not in place for new outbound and established connections, all packets + If rules are not in place for new outbound and established connections, all packets will be dropped by the default policy preventing network usage. severity: medium identifiers: cce@sle15: CCE-92564-4 + cce@slmicro5: CCE-93977-7 references: cis@sle15: 3.5.2.7 + cis@slmicro5: 3.5.2.7 ocil_clause: 'All nftables rules for established incoming, and for new and outbound connections do not match site policy' 
@@ -39,7 +41,7 @@ ocil: |- ip protocol udp ct state established,related,new accept ip protocol icmp ct state established,related,new accept - To configure nftables in accordance with site policy which will allow all outbound and all + To configure nftables in accordance with site policy which will allow all outbound and all established connections, run the following commands:
    $ sudo nft add rule inet filter input ip protocol tcp ct state established accept
    $ sudo nft add rule inet filter input ip protocol udp ct state established accept
    diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml index 50e0f61d9cf..cb48bfed30f 100644 --- a/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml +++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml @@ -30,9 +30,11 @@ identifiers: cce@rhel8: CCE-86162-5 cce@rhel9: CCE-86163-3 cce@sle15: CCE-92569-3 + cce@slmicro5: CCE-93976-9 references: cis@sle15: 3.5.2.4 + cis@slmicro5: 3.5.2.4 cis@ubuntu2004: 3.5.2.4 cis@ubuntu2204: 3.5.2.4 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml index 944359a2ca1..92947227b37 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml @@ -21,11 +21,13 @@ identifiers: cce@rhel10: CCE-89435-2 cce@sle12: CCE-91599-1 cce@sle15: CCE-91241-0 + cce@slmicro5: CCE-93975-1 references: cis-csc: 11,14,3,9 cis@sle12: 3.4.1 cis@sle15: 3.4.1 + cis@slmicro5: 3.4.1 cis@ubuntu2004: 3.4.1 cis@ubuntu2204: 3.4.1 cjis: 5.10.1 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml index ba4ca06160c..c594719aab0 100644 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml @@ -23,11 +23,13 @@ identifiers: cce@rhel10: CCE-90489-6 cce@sle12: CCE-91600-7 cce@sle15: CCE-91242-8 + cce@slmicro5: CCE-93974-4 references: cis-csc: 11,14,3,9 cis@sle12: 3.4.2 cis@sle15: 3.4.2 + cis@slmicro5: 3.4.2 cis@ubuntu2004: 3.4.2 cis@ubuntu2204: 3.4.2 cjis: 5.10.1 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml index 830e35504a4..256ab8558c1 100644 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml @@ -47,6 +47,7 @@ references: cis-csc: 11,12,14,15,3,8,9 cis@sle12: 3.1.2 cis@sle15: 3.1.2 + cis@slmicro5: 3.1.2 cis@ubuntu2004: 3.1.2 cis@ubuntu2204: 3.1.2 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml index 69d08bf046a..9859dc3679e 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml @@ -38,6 +38,7 @@ references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 1.1.22 cis@sle15: 1.1.22 + cis@slmicro5: 1.1.22 cis@ubuntu1804: 1.1.20 cis@ubuntu2004: 1.1.22 cis@ubuntu2204: 1.1.22 diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml index 94dbbea4132..3084e461b0f 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml 
@@ -22,11 +22,13 @@ identifiers: cce@rhel10: CCE-87656-5 cce@sle12: CCE-91583-5 cce@sle15: CCE-91233-7 + cce@slmicro5: CCE-93973-6 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.8 cis@sle15: 6.1.8 + cis@slmicro5: 6.1.8 cis@ubuntu2004: 6.1.10 cis@ubuntu2204: 6.1.9 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml index 2a432758b02..ab43399f362 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml @@ -38,6 +38,7 @@ references: cis-csc: 1,11,12,13,14,15,16,18,3,5 cis@sle12: 6.1.10 cis@sle15: 6.1.10 + cis@slmicro5: 6.1.10 cis@ubuntu2004: 6.1.12 cis@ubuntu2204: 6.1.11 cobit5: APO01.06,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.06,DSS06.10 diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml index 14e9efe3e2b..3dd27b8e256 100644 --- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml @@ -35,6 +35,7 @@ references: cis-csc: 11,12,13,14,15,16,18,3,5,9 cis@sle12: 6.1.9 cis@sle15: 6.1.9 + cis@slmicro5: 6.1.9 cis@ubuntu2004: 6.1.11 cis@ubuntu2204: 6.1.10 cobit5: APO01.06,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml index 94405eae80e..163556a90a8 100644 
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_group/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-89477-4 cce@sle12: CCE-91699-9 cce@sle15: CCE-91329-3 + cce@slmicro5: CCE-93972-8 references: cis@sle12: 6.1.7 cis@sle15: 6.1.7 + cis@slmicro5: 6.1.7 cis@ubuntu2004: 6.1.8 cis@ubuntu2204: 6.1.4 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml index 2f82e60e23d..015173051f0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_gshadow/rule.yml @@ -22,10 +22,12 @@ identifiers: cce@rhel10: CCE-88453-6 cce@sle12: CCE-92447-2 cce@sle15: CCE-92698-0 + cce@slmicro5: CCE-93971-0 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.3 cis@ubuntu2204: 6.1.8 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml index 40dcc6e65ec..b052d57aa4b 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_passwd/rule.yml 
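Review bot: `cis@slmicro5: 6.1.6` on file_groupowner_backup_etc_gshadow is the same item number that file_groupowner_backup_etc_shadow receives in the next file, so two different files end up reported under one benchmark item. The value appears to be copied from the `cis@sle12`/`cis@sle15` lines above it. The same collision recurs in file_owner_backup_etc_gshadow and file_permissions_backup_etc_gshadow (6.1.6), in the three etc_gshadow rules (6.1.2, shared with the etc_passwd rules), and in kernel_module_usb-storage_disabled and service_autofs_disabled (both 1.1.23). Each of these numbers should be checked against the SLE Micro 5 benchmark text, then corrected or dropped where the benchmark has no matching item. A wrong reference sends an auditor to the wrong control when a scan result is traced back.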
@@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-89914-6 cce@sle12: CCE-91693-2 cce@sle15: CCE-91323-6 + cce@slmicro5: CCE-93970-2 references: cis@sle12: 6.1.5 cis@sle15: 6.1.5 + cis@slmicro5: 6.1.5 cis@ubuntu2004: 6.1.6 cis@ubuntu2204: 6.1.2 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml index f21866f57b3..8569e02c8e7 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_backup_etc_shadow/rule.yml @@ -23,10 +23,12 @@ identifiers: cce@rhel10: CCE-88235-7 cce@sle12: CCE-91697-3 cce@sle15: CCE-91327-7 + cce@slmicro5: CCE-93969-4 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.7 cis@ubuntu2204: 6.1.6 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml index 7f0820d51c1..1d8bbbacf18 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_group/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-90261-9 cce@sle12: CCE-91626-2 cce@sle15: CCE-85801-9 + cce@slmicro5: CCE-93968-6 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.4 cis@sle15: 6.1.4 + cis@slmicro5: 6.1.4 cis@ubuntu2004: 6.1.5 cis@ubuntu2204: 6.1.3 cjis: 5.5.2.2 
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml index 1df28099daf..e34231ab294 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_gshadow/rule.yml @@ -22,11 +22,13 @@ identifiers: cce@rhel10: CCE-90043-1 cce@sle12: CCE-92225-2 cce@sle15: CCE-91348-3 + cce@slmicro5: CCE-93967-8 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.9 cis@ubuntu2204: 6.1.7 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml index bd584443c84..5a050dd0da7 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_passwd/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-89210-9 cce@sle12: CCE-91627-0 cce@sle15: CCE-85809-2 + cce@slmicro5: CCE-93966-0 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.2 cis@ubuntu2204: 6.1.1 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml index 7aaf451d25a..c5d2aa5d995 100644 
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_groupowner_etc_shadow/rule.yml @@ -22,11 +22,13 @@ identifiers: cce@rhel10: CCE-87579-9 cce@sle12: CCE-91628-8 cce@sle15: CCE-85808-4 + cce@slmicro5: CCE-93965-2 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.3 cis@sle15: 6.1.3 + cis@slmicro5: 6.1.3 cis@ubuntu2004: 6.1.4 cis@ubuntu2204: 6.1.5 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml index 1ec3de62406..9fa6258a747 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_group/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-89017-8 cce@sle12: CCE-91700-5 cce@sle15: CCE-91330-1 + cce@slmicro5: CCE-93964-5 references: cis@sle12: 6.1.7 cis@sle15: 6.1.7 + cis@slmicro5: 6.1.7 cis@ubuntu2004: 6.1.8 cis@ubuntu2204: 6.1.4 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml index 58c4f95669f..8dd27d54deb 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_gshadow/rule.yml 
@@ -16,10 +16,12 @@ identifiers: cce@rhel10: CCE-86957-8 cce@sle12: CCE-92448-0 cce@sle15: CCE-92699-8 + cce@slmicro5: CCE-93963-7 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.3 cis@ubuntu2204: 6.1.8 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml index 9ee2259a662..3ebe7a196ee 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_passwd/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-90377-3 cce@sle12: CCE-91694-0 cce@sle15: CCE-91324-4 + cce@slmicro5: CCE-93962-9 references: cis@sle12: 6.1.5 cis@sle15: 6.1.5 + cis@slmicro5: 6.1.5 cis@ubuntu2004: 6.1.6 cis@ubuntu2204: 6.1.2 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml index 48ea2b31402..689b28f5651 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_backup_etc_shadow/rule.yml @@ -17,10 +17,12 @@ identifiers: cce@rhel10: CCE-87502-1 cce@sle12: CCE-91696-5 cce@sle15: CCE-91326-9 + cce@slmicro5: CCE-93961-1 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.7 cis@ubuntu2204: 6.1.6 disa: CCI-000366 
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml index 0495a86a3dc..54b936d63d0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_group/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-86870-3 cce@sle12: CCE-91665-0 cce@sle15: CCE-85802-7 + cce@slmicro5: CCE-93960-3 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.4 cis@sle15: 6.1.4 + cis@slmicro5: 6.1.4 cis@ubuntu2004: 6.1.5 cis@ubuntu2204: 6.1.3 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml index 03974341273..b0ec153b0e3 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_gshadow/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-87701-9 cce@sle12: CCE-91557-9 cce@sle15: CCE-91230-3 + cce@slmicro5: CCE-93959-5 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.9 cis@ubuntu2204: 6.1.7 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml index 61d0d44412e..1127f332150 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_passwd/rule.yml @@ -16,11 +16,13 @@ identifiers: cce@rhel10: CCE-87827-2 cce@sle12: CCE-91666-8 cce@sle15: CCE-85806-8 + cce@slmicro5: CCE-93958-7 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.2 cis@ubuntu2204: 6.1.1 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml index 717e4a5512c..5fdc5b44fe4 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_owner_etc_shadow/rule.yml @@ -19,11 +19,13 @@ identifiers: cce@rhel10: CCE-86857-0 cce@sle12: CCE-83259-2 cce@sle15: CCE-85807-6 + cce@slmicro5: CCE-93957-9 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.3 cis@sle15: 6.1.3 + cis@slmicro5: 6.1.3 cis@ubuntu2004: 6.1.4 cis@ubuntu2204: 6.1.5 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml index 1a59da1ab31..aec3b76047d 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_group/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-86579-0 cce@sle12: CCE-92201-3 cce@sle15: CCE-91331-9 + cce@slmicro5: CCE-93956-1 references: cis@sle12: 6.1.7 cis@sle15: 6.1.7 + cis@slmicro5: 6.1.7 cis@ubuntu2004: 6.1.8 cis@ubuntu2204: 6.1.4 disa: CCI-000366 
diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml index 22c05635db4..4b89b84647e 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_gshadow/rule.yml @@ -25,10 +25,12 @@ identifiers: cce@rhel10: CCE-89056-6 cce@sle12: CCE-92449-8 cce@sle15: CCE-92700-4 + cce@slmicro5: CCE-93955-3 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.3 cis@ubuntu2204: 6.1.8 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml index 4d8eef2f24e..2123406a2a1 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_passwd/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-86854-7 cce@sle12: CCE-91695-7 cce@sle15: CCE-91325-1 + cce@slmicro5: CCE-93954-6 references: cis@sle12: 6.1.5 cis@sle15: 6.1.5 + cis@slmicro5: 6.1.5 cis@ubuntu2004: 6.1.6 cis@ubuntu2204: 6.1.2 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml index d1cc32bec16..48c8a491d79 100644 
--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_backup_etc_shadow/rule.yml @@ -26,10 +26,12 @@ identifiers: cce@rhel10: CCE-87423-0 cce@sle12: CCE-91698-1 cce@sle15: CCE-91328-5 + cce@slmicro5: CCE-93953-8 references: cis@sle12: 6.1.6 cis@sle15: 6.1.6 + cis@slmicro5: 6.1.6 cis@ubuntu2004: 6.1.7 cis@ubuntu2204: 6.1.6 disa: CCI-000366 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml index 2886e5872fd..3507930694a 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_group/rule.yml @@ -17,11 +17,13 @@ identifiers: cce@rhel10: CCE-88868-5 cce@sle12: CCE-91451-5 cce@sle15: CCE-85803-5 + cce@slmicro5: CCE-93952-0 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.4 cis@sle15: 6.1.4 + cis@slmicro5: 6.1.4 cis@ubuntu2004: 6.1.5 cis@ubuntu2204: 6.1.3 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml index 164c35084a7..d951bab7f0a 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_gshadow/rule.yml 
@@ -25,11 +25,13 @@ identifiers: cce@rhel10: CCE-86975-0 cce@sle12: CCE-91558-7 cce@sle15: CCE-91231-1 + cce@slmicro5: CCE-93951-2 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.9 cis@ubuntu2204: 6.1.7 cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml index 0dcba2b5b4f..bd2b4ed3457 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_passwd/rule.yml @@ -19,11 +19,13 @@ identifiers: cce@rhel10: CCE-90644-6 cce@sle12: CCE-91452-3 cce@sle15: CCE-85805-0 + cce@slmicro5: CCE-93950-4 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.2 cis@sle15: 6.1.2 + cis@slmicro5: 6.1.2 cis@ubuntu2004: 6.1.2 cis@ubuntu2204: 6.1.1 cjis: 5.5.2.2 diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml index 32c5b1f4c9b..685394ebca0 100644 --- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_permissions_etc_shadow/rule.yml @@ -28,11 +28,13 @@ identifiers: cce@rhel10: CCE-88433-8 cce@sle12: CCE-91479-6 cce@sle15: CCE-85804-3 + cce@slmicro5: CCE-93949-6 references: cis-csc: 12,13,14,15,16,18,3,5 cis@sle12: 6.1.3 cis@sle15: 6.1.3 + cis@slmicro5: 6.1.3 cis@ubuntu2004: 6.1.4 cis@ubuntu2204: 6.1.5 cjis: 5.5.2.2 
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml index 8b553d401d1..45e90dfb3a6 100644 --- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml +++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml @@ -33,6 +33,7 @@ identifiers: references: cis@sle12: 4.2.3 cis@sle15: 4.2.3 + cis@slmicro5: 4.2.3 cis@ubuntu2004: 4.2.3 cis@ubuntu2204: 4.2.3 disa: CCI-001312 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml index 4bf7fd18299..6665bc10683 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-90005-0 cce@sle12: CCE-92297-1 cce@sle15: CCE-92451-4 + cce@slmicro5: CCE-93948-8 references: cis-csc: 11,14,3,9 cis@sle12: 1.1.1.1 cis@sle15: 1.1.1.1 + cis@slmicro5: 1.1.1.1 cis@ubuntu1804: 1.1.1.1 cis@ubuntu2004: 1.1.1.1 cis@ubuntu2204: 1.1.1.1 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml index 8a33ff0f5fa..00e5baad570 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml @@ -27,11 +27,13 @@ identifiers: cce@rhel10: CCE-88216-7 cce@sle12: CCE-92298-9 cce@sle15: CCE-92452-2 + cce@slmicro5: CCE-93947-0 references: cis-csc: 11,14,3,9 cis@sle12: 1.1.1.1 cis@sle15: 1.1.1.1 + cis@slmicro5: 1.1.1.1 cis@ubuntu2204: 1.1.1.2 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06 cui: 3.4.6 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml index 090cd343a8b..3f9172d6f88 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml @@ -28,11 +28,13 @@ identifiers: cce@rhel10: CCE-87504-7 cce@sle12: CCE-92299-7 cce@sle15: CCE-92453-0 + cce@slmicro5: CCE-93946-2 references: cis-csc: 11,14,3,9 cis@sle12: 1.1.1.2 cis@sle15: 1.1.1.2 + cis@slmicro5: 1.1.1.2 cis@ubuntu1804: 1.1.1.6 cis@ubuntu2004: 1.1.1.6 cis@ubuntu2204: 1.1.1.3 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml index 8ace97c1f5c..41cc2220305 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml @@ -30,6 +30,7 @@ references: cis-csc: 1,12,15,16,5 cis@sle12: 1.1.23 cis@sle15: 1.1.23 + cis@slmicro5: 1.1.23 cis@ubuntu2004: 1.1.24 cis@ubuntu2204: 1.1.10 cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml index d01a6caa7e5..6f8b0d07fde 100644 --- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml 
@@ -25,11 +25,13 @@ identifiers:
 cce@rhel8: CCE-82170-2
 cce@sle12: CCE-92300-3
 cce@sle15: CCE-92454-8
+ cce@slmicro5: CCE-93945-4
 references:
 cis-csc: 11,14,3,9
 cis@sle12: 1.1.1.3
 cis@sle15: 1.1.1.3
+ cis@slmicro5: 1.1.1.3
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
 cui: 3.4.6
 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index d40d550cb47..821fe53eb11 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -36,6 +36,7 @@ references:
 cis-csc: 1,12,15,16,5
 cis@sle12: 1.1.23
 cis@sle15: 1.1.23
+ cis@slmicro5: 1.1.23
 cis@ubuntu1804: 1.1.21
 cis@ubuntu2004: 1.1.23
 cis@ubuntu2204: 1.1.9
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
index a719912d925..cb069b66415 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
@@ -23,11 +23,13 @@ identifiers:
 cce@rhel10: CCE-86783-8
 cce@sle12: CCE-92303-7
 cce@sle15: CCE-92457-1
+ cce@slmicro5: CCE-93944-7
 references:
 cis-csc: 11,13,14,3,8,9
 cis@sle12: 1.1.8
 cis@sle15: 1.1.8
+ cis@slmicro5: 1.1.8
 cis@ubuntu1804: 1.1.14
 cis@ubuntu2004: 1.1.7
 cis@ubuntu2204: 1.1.8.1
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index 7db04406610..85814150cc8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -25,11 +25,13 @@ identifiers:
 cce@rhel10: CCE-86775-4
 cce@sle12: CCE-92302-9
 cce@sle15: CCE-92456-3
+ cce@slmicro5: CCE-93943-9
 references:
 cis-csc: 11,13,14,3,8,9
 cis@sle12: 1.1.7
 cis@sle15: 1.1.7
+ cis@slmicro5: 1.1.7
 cis@ubuntu1804: 1.1.16
 cis@ubuntu2004: 1.1.9
 cis@ubuntu2204: 1.1.8.2
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
index 489b8d49075..3b082433e8f 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
@@ -23,11 +23,13 @@ identifiers:
 cce@rhel10: CCE-88358-7
 cce@sle12: CCE-92304-5
 cce@sle15: CCE-92458-9
+ cce@slmicro5: CCE-93942-1
 references:
 cis-csc: 11,13,14,3,8,9
 cis@sle12: 1.1.9
 cis@sle15: 1.1.9
+ cis@slmicro5: 1.1.9
 cis@ubuntu1804: 1.1.15
 cis@ubuntu2004: 1.1.8
 cis@ubuntu2204: 1.1.8.3
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
index 1c9cacb28d1..5b0add298e4 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
@@ -26,10 +26,12 @@ identifiers:
 cce@rhel10: CCE-87344-8
 cce@sle12: CCE-92306-0
 cce@sle15: CCE-92460-5
+ cce@slmicro5: CCE-93941-3
 references:
 cis@sle12: 1.1.18
 cis@sle15: 1.1.18
+ cis@slmicro5: 1.1.18
 cis@ubuntu1804: 1.1.13
 cis@ubuntu2004: 1.1.18
 cis@ubuntu2204: 1.1.7.2
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index 8022a01641b..614f3f509f2 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -26,11 +26,13 @@ identifiers:
 cce@rhel10: CCE-90154-6
 cce@sle12: CCE-92308-6
 cce@sle15: CCE-92462-1
+ cce@slmicro5: CCE-93940-5
 references:
 cis-csc: 11,12,13,14,16,3,8,9
 cis@sle12: 1.1.20
 cis@sle15: 1.1.20
+ cis@slmicro5: 1.1.20
 cis@ubuntu1804: 1.1.17
 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.06,DSS05.07,DSS06.03,DSS06.06
 disa: CCI-000366
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index ad918962240..fdab534f266 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -23,11 +23,13 @@ identifiers:
 cce@rhel10: CCE-90378-1
 cce@sle12: CCE-92307-8
 cce@sle15: CCE-92461-3
+ cce@slmicro5: CCE-93939-7
 references:
 cis-csc: 11,12,13,14,16,3,8,9
 cis@sle12: 1.1.19
 cis@sle15: 1.1.19
+ cis@slmicro5: 1.1.19
 cis@ubuntu1804: 1.1.19
 cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.06,DSS05.07,DSS06.03,DSS06.06
 disa: CCI-000366
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index f409eaabef8..94b0d8c9bbd 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -31,6 +31,7 @@ references:
 cis-csc: 11,12,13,14,15,16,18,3,5,8,9
 cis@sle12: 1.1.21
 cis@sle15: 1.1.21
+ cis@slmicro5: 1.1.21
 cis@ubuntu1804: 1.1.18
 cobit5: APO01.06,APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.06,DSS05.07,DSS06.02,DSS06.03,DSS06.06
 disa: CCI-000366
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index ad9f27dd7c5..2b0604d10b0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -29,10 +29,12 @@ identifiers:
 cce@rhel10: CCE-88825-5
 cce@sle12: CCE-92209-6
 cce@sle15: CCE-85745-8
+ cce@slmicro5: CCE-93938-9
 references:
 cis@sle12: 1.6.1
 cis@sle15: 1.6.1
+ cis@slmicro5: 1.6.1
 disa: CCI-000366
 nist: CM-6
 pcidss: Req-3.2
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index e102da2b379..3ba3a22cfc2 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -29,10 +29,12 @@ identifiers:
 cce@rhel10: CCE-88732-3
 cce@sle12: CCE-92210-4
 cce@sle15: CCE-85746-6
+ cce@slmicro5: CCE-93937-1
 references:
 cis@sle12: 1.6.1
 cis@sle15: 1.6.1
+ cis@slmicro5: 1.6.1
 disa: CCI-000366
 nist: CM-6
 pcidss: Req-3.2
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
index 32651fa929d..c57a01958d5 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 SECURITY_LIMITS_FILE="/etc/security/limits.conf"
 if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index f7a5fa08a17..af0fcf370c4 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -23,11 +23,13 @@ identifiers:
 cce@rhel10: CCE-88330-6
 cce@sle12: CCE-92208-8
 cce@sle15: CCE-85740-9
+ cce@slmicro5: CCE-93936-3
 references:
 cis-csc: 1,12,13,15,16,2,7,8
 cis@sle12: 1.6.1
 cis@sle15: 1.6.1
+ cis@slmicro5: 1.6.1
 cis@ubuntu2004: 1.6.4
 cis@ubuntu2204: 1.5.4
 cobit5: APO13.01,BAI04.04,DSS01.03,DSS03.05,DSS05.07
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
index a8ab5b33ef7..90ceaaf732e 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable/rule.yml
@@ -19,10 +19,12 @@ identifiers:
 cce@rhel10: CCE-88399-1
 cce@sle12: CCE-91561-1
 cce@sle15: CCE-91447-3
+ cce@slmicro5: CCE-93935-5
 references:
 cis@sle12: 1.6.1
 cis@sle15: 1.6.1
+ cis@slmicro5: 1.6.1
 cis@ubuntu2004: 1.6.4
 cis@ubuntu2204: 1.5.4
 hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e)
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index cf6b71a2fbe..061d44762b5 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -26,6 +26,7 @@ identifiers:
 references:
 cis@sle12: 1.6.3
 cis@sle15: 1.6.3
+ cis@slmicro5: 1.6.3
 cis@ubuntu2004: 1.6.2
 cis@ubuntu2204: 1.5.1
 cui: 3.1.7
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
index 8d64e30f34e..9b2f76c3733 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -22,11 +22,13 @@ identifiers:
 cce@rhel10: CCE-89763-7
 cce@sle12: CCE-91563-7
 cce@sle15: CCE-91254-3
+ cce@slmicro5: CCE-93934-8
 references:
 cis-csc: 11,3,9
 cis@sle12: 1.6.2
 cis@sle15: 1.6.2
+ cis@slmicro5: 1.6.2
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
 cui: 3.1.7
 disa: CCI-002824
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
index 047ca2fbf24..91112e21f25 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
@@ -25,11 +25,13 @@ identifiers:
 cce@rhel8: CCE-83919-1
 cce@sle12: CCE-91564-5
 cce@sle15: CCE-91255-0
+ cce@slmicro5: CCE-93933-0
 references:
 cis-csc: 11,3,9
 cis@sle12: 1.6.2
 cis@sle15: 1.6.2
+ cis@slmicro5: 1.6.2
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
 cui: 3.1.7
 isa-62443-2009: 4.3.4.3.2,4.3.4.3.3
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_dev_shm/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_dev_shm/rule.yml
index c921b84c80c..94140458ad3 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_dev_shm/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_dev_shm/rule.yml
@@ -26,10 +26,12 @@ identifiers:
 cce@rhel10: CCE-89532-6
 cce@sle12: CCE-92319-3
 cce@sle15: CCE-92477-9
+ cce@slmicro5: CCE-94076-7
 references:
 cis@sle12: 1.1.6
 cis@sle15: 1.1.6
+ cis@slmicro5: 1.1.6
 {{{ complete_ocil_entry_separate_partition(part="/dev/shm") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
index 44f415f0570..1539bc866d8 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
@@ -29,6 +29,7 @@ references:
 cis-csc: 12,15,8
 cis@sle12: 1.1.17
 cis@sle15: 1.1.17
+ cis@slmicro5: 1.1.17
 cis@ubuntu1804: 1.1.12
 cis@ubuntu2004: 1.1.17
 cis@ubuntu2204: 1.1.7.1
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
index 509a3ae7e7e..f74455ae921 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
@@ -28,6 +28,7 @@ references:
 cis-csc: 12,15,8
 cis@sle12: 1.1.10
 cis@sle15: 1.1.10
+ cis@slmicro5: 1.1.10
 cis@ubuntu1804: 1.1.5
 cis@ubuntu2004: 1.1.10
 cis@ubuntu2204: 1.1.3.1
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
index 265961c4fc3..7d785a875f6 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
@@ -43,7 +43,7 @@ ocil: |-
    dconf update
    command as the administrator. -platform: machine +platform: system_with_kernel srg_requirement: |- {{{ full_name }}} effective dconf policy must match the policy keyfiles. diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml index 1b8cbe149a7..b22436f0d81 100644 --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml @@ -82,4 +82,4 @@ ocil: |- system-db:distro {{% endif %}} -platform: machine +platform: system_with_kernel diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml index 0447bf2c4b5..782c94b4db5 100644 --- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/software/integrity/disable_prelink/rule.yml b/linux_os/guide/system/software/integrity/disable_prelink/rule.yml index cdfec5043ee..efbc35bae1c 100644 --- a/linux_os/guide/system/software/integrity/disable_prelink/rule.yml +++ b/linux_os/guide/system/software/integrity/disable_prelink/rule.yml 
@@ -21,11 +21,13 @@ identifiers:
 cce@rhel8: CCE-80787-5
 cce@sle12: CCE-92211-2
 cce@sle15: CCE-91341-8
+ cce@slmicro5: CCE-94078-3
 references:
 cis-csc: 11,13,14,2,3,9
 cis@sle12: 1.6.4
 cis@sle15: 1.6.4
+ cis@slmicro5: 1.6.4
 cjis: 5.10.1.3
 cobit5: APO01.06,BAI02.01,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS04.07,DSS05.03,DSS06.02,DSS06.06
 cui: 3.13.11
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index 8b0fc6c633d..7cef39f6cf4 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -47,6 +47,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,2,3,5,7,8,9
 cis@sle12: 1.4.1
 cis@sle15: 1.4.1
+ cis@slmicro5: 1.4.1
 cis@ubuntu2004: 1.4.1
 cis@ubuntu2204: 1.3.1
 cjis: 5.10.1.3
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
index a6c54db1837..4cf5e5402c2 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
@@ -28,6 +28,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,2,3,5,7,8,9
 cis@sle12: 1.4.2
 cis@sle15: 1.4.2
+ cis@slmicro5: 1.4.2
 cjis: 5.10.1.3
 cobit5: APO01.06,BAI01.06,BAI02.01,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS04.07,DSS05.02,DSS05.03,DSS05.05,DSS05.07,DSS06.02,DSS06.06
 disa: CCI-001744,CCI-002699,CCI-002702
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
index 6281f55b688..781ecfa599f 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
@@ -22,6 +22,7 @@ references:
 cis-csc: 1,11,12,13,14,15,16,2,3,5,7,8,9
 cis@sle12: 1.4.1
 cis@sle15: 1.4.1
+ cis@slmicro5: 1.4.1
 cis@ubuntu2004: 1.4.1
 cis@ubuntu2204: 1.3.1
 cjis: 5.10.1.3
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
index 44f2598d32a..2b6777b3cc0 100644
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
@@ -21,10 +21,12 @@ identifiers:
 cce@rhel10: CCE-87100-4
 cce@sle12: CCE-91491-1
 cce@sle15: CCE-91183-4
+ cce@slmicro5: CCE-94075-9
 references:
 cis@sle12: 1.3.1
 cis@sle15: 1.3.1
+ cis@slmicro5: 1.3.1
 cis@ubuntu2004: 1.3.1
 cis@ubuntu2204: 5.3.1
 disa: CCI-002235
diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
index ff9548ed528..1fff54fe158 100644
--- a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
@@ -21,10 +21,12 @@ identifiers:
 cce@rhel10: CCE-89073-1
 cce@sle12: CCE-91499-4
 cce@sle15: CCE-91190-9
+ cce@slmicro5: CCE-94074-2
 references:
 cis@sle12: 1.3.2
 cis@sle15: 1.3.2
+ cis@slmicro5: 1.3.2
 cis@ubuntu2004: 1.3.2
 cis@ubuntu2204: 5.3.2
 pcidss: Req-10.2.5
diff --git a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
index 9a6785ae080..46235d073cf 100644
--- a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml +++ b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml @@ -18,10 +18,12 @@ identifiers: cce@rhel10: CCE-89611-8 cce@sle12: CCE-91654-4 cce@sle15: CCE-91311-1 + cce@slmicro5: CCE-94073-4 references: cis@sle12: 1.3.3 cis@sle15: 1.3.3 + cis@slmicro5: 1.3.3 cis@ubuntu2004: 1.3.3 cis@ubuntu2204: 5.3.3 pcidss: Req-10.2.5 diff --git a/linux_os/guide/system/software/updating/ensure_GPG_keys_are_configured/rule.yml b/linux_os/guide/system/software/updating/ensure_GPG_keys_are_configured/rule.yml index 5032d10a19a..15986ecea93 100644 --- a/linux_os/guide/system/software/updating/ensure_GPG_keys_are_configured/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_GPG_keys_are_configured/rule.yml @@ -4,39 +4,39 @@ documentation_complete: true title: 'Ensure GPG keys are configured' description: |- - The operation system or installed application can be successfully bootstrapped - without the GPG key being trusted. However, you cannot install new packages or + The operation system or installed application can be successfully bootstrapped + without the GPG key being trusted. However, you cannot install new packages or update them until the keys are trusted. -

    - Most packages managers implement GPG key signing to verify package integrity +

    + Most packages managers implement GPG key signing to verify package integrity during installation.

    - To verify GPG keys are configured correctly for your package manager, + To verify GPG keys are configured correctly for your package manager, one of the following command groups may provide the needed information - depending on the package manager in use. + depending on the package manager in use.

    In SUSE Linux distributions, the administrators have to follow the next steps:
    1. Log on to the system as a user with administrator rights.
    2. Locate and download package, for example zoom_x86_64.rpm
    - 3. Locate and download the public key (GPG) from the software download site, for + 3. Locate and download the public key (GPG) from the software download site, for example the key for zoom package is package-signing-key-5-12-6.pub
    4. Import the key public key:
    $ sudo rpm --import package-signing-key-5-12-6.pub
    - 5. List the keys, for example the command:
    + 5. List the keys, for example the command:
    $ sudo rpm -qa gpg-pubkey*
    will provide:
    gpg-pubkey-dd79b481-62fe7502
    6. Get more details about the key, via the command:
    $ sudo rpm -qa gpg-pubkey-dd79b481-62fe7502
    - 7. Check the GPG key, for example the command:
    + 7. Check the GPG key, for example the command:
    $ sudo rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
    will provide:
    gpg-pubkey-dd79b481-62fe7502 --> gpg(Zoom Video Communications, Inc. <CryptoOpsCodeSignProd@zoom.us>)


    - + rationale: |- - It is important to ensure that updates are obtained from a valid source to protect - against spoofing that could lead to the inadvertent installation of malware on the + It is important to ensure that updates are obtained from a valid source to protect + against spoofing that could lead to the inadvertent installation of malware on the system. severity: medium @@ -44,32 +44,34 @@ severity: medium identifiers: cce@sle12: CCE-92384-7 cce@sle15: CCE-92542-0 + cce@slmicro5: CCE-94072-6 references: cis@sle12: 1.2.1 cis@sle15: 1.2.1 + cis@slmicro5: 1.2.1 ocil_clause: 'Your package manager GPG keys are not configured in accordance with site policy' ocil: |- - To verify GPG keys are configured correctly for your package manager, one of the - following command groups may provide the needed information depending on the - package manager in use. + To verify GPG keys are configured correctly for your package manager, one of the + following command groups may provide the needed information depending on the + package manager in use. In SUSE Linux distributions, the administrators have to follow the next steps:
    1. Log on to the system as a user with administrator rights.
    2. Locate and download package, for example zoom_x86_64.rpm
    - 3. Locate and download the public key (GPG) from the software download site, for example + 3. Locate and download the public key (GPG) from the software download site, for example the key for zoom package is package-signing-key-5-12-6.pub
    4. Import the key public key:
    set pub_key_import = "$ sudo rpm --import package-signing-key-5-12-6.pub
    - 5. List the keys, for example the command:
    + 5. List the keys, for example the command:
    $ sudo rpm -qa gpg-pubkey*
    will provide:
    gpg-pubkey-dd79b481-62fe7502
    6. Get more details about the key, via the command:
    $ sudo rpm -qa gpg-pubkey-dd79b481-62fe7502
    - 7. Check the GPG key, for example the command:
    + 7. Check the GPG key, for example the command:
    $ sudo rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
    will provide:
    gpg-pubkey-dd79b481-62fe7502 --> gpg(Zoom Video Communications, Inc. <CryptoOpsCodeSignProd@zoom.us>)
    diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml index d3fe7d0fbb5..284bfe13dbd 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml @@ -41,6 +41,7 @@ references: cis-csc: 11,2,3,9 cis@sle12: 1.2.3 cis@sle15: 1.2.3 + cis@slmicro5: 1.2.3 cjis: 5.10.4.1 cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 cui: 3.4.8 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml index a653565f511..9fbd9fff222 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = enable # complexity = low @@ -6,7 +6,7 @@ - name: Grep for {{{ pkg_manager }}} repo section names shell: | set -o pipefail -{{%- if product in ["sle12", "sle15"] %}} +{{%- if product in ["sle12", "sle15", "slmicro5"] %}} grep -HEr '^\[.+\]' -r /etc/zypp/repos.d/ {{%- else %}} grep -HEr '^\[.+\]' -r /etc/yum.repos.d/ diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh index 07e02fa473f..fb6361d3cc1 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh 
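Review bot: Step 4 of the `ocil` text in the second hunk of ensure_GPG_keys_are_configured/rule.yml still reads `set pub_key_import = "$ sudo rpm --import package-signing-key-5-12-6.pub`, which looks like a leftover template fragment with an unbalanced quote; the commit cleans trailing whitespace on the lines around it but keeps this one as is. The `description` block of the same file gives the step as `$ sudo rpm --import package-signing-key-5-12-6.pub`, and the ocil line should match it so that an auditor following the procedure gets a runnable command. The label above it, `Import the key public key:`, could become `Import the public key:` in both blocks.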
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
@@ -1,5 +1,5 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
-{{% if product in ["sle12", "sle15"] %}}
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+{{% if product in ["sle12", "sle15", "slmicro5"] %}}
 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
 {{% else %}}
 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
index 0e661f91cf5..76db45010d6 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/oval/shared.xml
@@ -14,7 +14,11 @@
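Review bot: The zypp branch that the bash/shared.sh hunk extends to slmicro5 runs `sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*`, and that expression is not anchored, so it also rewrites any `repo_gpgcheck=` or `pkg_gpgcheck=` line (both are valid keys in zypp .repo files) and any commented-out `#gpgcheck=` line it finds. The OVAL check for the same rule matches only `^\s*gpgcheck\s*=\s*0\s*$`, so the remediation changes more than the check evaluates. Anchoring it the same way, `sed -i 's/^\s*gpgcheck\s*=.*/gpgcheck=1/' /etc/zypp/repos.d/*`, keeps the two in step. The same expression is repeated in the `fixtext` of rule.yml and policy/stig/shared.yml and in the two test scripts.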
    - /etc/yum.repos.d + {{%- if product in ["sle12", "sle15", "slmicro5"] %}} + /etc/zypp/repos.d + {{%- else %}} + /etc/yum.repos.d + {{%- endif %}} .* ^\s*gpgcheck\s*=\s*0\s*$ 1 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/policy/stig/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/policy/stig/shared.yml index b6ac3cc313b..32de0e4de6f 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/policy/stig/shared.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/policy/stig/shared.yml @@ -11,14 +11,14 @@ vuldiscussion: |- checktext: |- Verify that all software repositories defined in "/etc/yum.repos.d/" have been configured with "gpgcheck" enabled: - $ grep gpgcheck /etc/yum.repos.d/*.repo | more + $ grep gpgcheck {{{ pkg_manager_repos }}}/*.repo | more gpgcheck = 1 If "gpgcheck" is not set to "1" for all returned lines, this is a finding. fixtext: |- - Configure all software repositories defined in "/etc/yum.repos.d/" to have "gpgcheck" enabled: + Configure all software repositories defined in "{{{ pkg_manager_repos }}}/" to have "gpgcheck" enabled: - $ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* + $ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' {{{ pkg_manager_repos }}}/* diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml index 5a3ce069cf4..aaba098c7cd 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml 
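Review bot: The `product in ["sle12", "sle15", "slmicro5"]` test added in the oval/shared.xml hunk is the same one this commit adds to ansible/shared.yml, bash/shared.sh, rule.yml and both test scripts, so the list of zypper-based products now lives in six places and the check can drift from the remediation when a product is added to only some of them. rule.yml already turns the list into `pkg_manager_repos`; if that value were defined once per product (presumably alongside `pkg_manager`), the path here could be just `{{{ pkg_manager_repos }}}`. Whether product-level values are available to OVAL templates is not visible in this diff, so that needs confirming, and the XML element that encloses the path is not shown in the hunk as rendered here.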
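Review bot: The first sentence of `checktext` in policy/stig/shared.yml still names `"/etc/yum.repos.d/"` while the `grep` line under it and all of `fixtext` now use `{{{ pkg_manager_repos }}}`, so on SUSE products the rendered text would name one directory and inspect another. It should read `Verify that all software repositories defined in "{{{ pkg_manager_repos }}}/" have been configured with "gpgcheck" enabled:`. `pkg_manager_repos` is introduced by a Jinja `set` at the top of rule.yml in this commit; it is worth confirming that the variable is also defined when this separate file is rendered, otherwise the paths here will not expand as intended.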
@@ -1,11 +1,16 @@ documentation_complete: true +{{%- if product in ["sle12", "sle15", "slmicro5"] %}} + {{%- set pkg_manager_repos="/etc/zypp/repos.d" %}} +{{%- else %}} + {{%- set pkg_manager_repos="/etc/yum.repos.d" %}} +{{%- endif %}} title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' description: |- To ensure signature checking is not disabled for - any repos, remove any lines from files in /etc/yum.repos.d of the form: + any repos, remove any lines from files in {{{ pkg_manager_repos }}} of the form:
    gpgcheck=0
    rationale: |- @@ -24,11 +29,13 @@ identifiers: cce@rhel10: CCE-88176-3 cce@sle12: CCE-83258-4 cce@sle15: CCE-85797-9 + cce@slmicro5: CCE-94070-0 references: cis-csc: 11,2,3,9 cis@sle12: 1.2.3 cis@sle15: 1.2.3 + cis@slmicro5: 1.2.3 cjis: 5.10.4.1 cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 cui: 3.4.8 @@ -50,7 +57,7 @@ ocil_clause: 'GPG checking is disabled' ocil: |- To determine whether {{{ pkg_manager }}} has been configured to disable gpgcheck for any repos, inspect all files in - /etc/yum.repos.d and ensure the following does not appear in any + {{{ pkg_manager_repos }}} and ensure the following does not appear in any sections:
    gpgcheck=0
    A value of 0 indicates that gpgcheck has been disabled for that repo. @@ -58,7 +65,7 @@ ocil: |- fixtext: |- Ensure signature checking is enabled for all package repositories with the command: - $ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* + $ sudo sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' {{{ pkg_manager_repos }}}/* srg_requirement: |- {{{ full_name }}} must have gpgcheck enabled for all repositories. @@ -66,7 +73,7 @@ srg_requirement: |- checktext: |- Verify that {{{ pkg_manager }}} has not been configured to disable gpgcheck for any repos with the following command: - $ grep gpgcheck /etc/yum.repos.d/*.repo | more + $ grep gpgcheck {{{ pkg_manager_repos }}}/*.repo | more gpgcheck = 1 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh index 37e47e4d47a..90ee6e0e0a8 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh @@ -1,4 +1,10 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro + +{{%- if product in ["sle12", "sle15", "slmicro5"] %}} + sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/zypp/repos.d/* +{{%- else %}} + sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/* +{{%- endif %}} + -sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh index 04ff6e57714..e6dfa5ba506 100644 
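Review bot: Both branches of the gpgcheck_disabled.fail.sh scenario only rewrite `gpgcheck` lines that already exist under the repo directory, so on a test image whose repo files carry no `gpgcheck` key, or that has no repo files at all, the script changes nothing and the rule is evaluated against a system that was never put into the failing state. Writing a file the test controls makes that state explicit, for example `printf '[constructed-test]\ngpgcheck=0\n' > /etc/zypp/repos.d/constructed-test.repo` in the SUSE branch and the same under `/etc/yum.repos.d/` in the other. The section and file names in that example are constructed placeholders.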
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh @@ -1,4 +1,10 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro + +{{%- if product in ["sle12", "sle15", "slmicro5"] %}} + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/* +{{%- else %}} + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* +{{%- endif %}} + -sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/ensure_package_repositories_are_configured/rule.yml b/linux_os/guide/system/software/updating/ensure_package_repositories_are_configured/rule.yml index 63f51aba217..6c03e6478b0 100644 --- a/linux_os/guide/system/software/updating/ensure_package_repositories_are_configured/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_package_repositories_are_configured/rule.yml @@ -16,15 +16,17 @@ severity: medium identifiers: cce@sle12: CCE-92389-6 cce@sle15: CCE-92489-4 + cce@slmicro5: CCE-94063-5 references: cis@sle12: 1.2.2 cis@sle15: 1.2.2 + cis@slmicro5: 1.2.2 ocil_clause: 'Your package manager repositories are not configured according to site policy' ocil: |- - To verify repositories are configured correctly run the following command: + To verify repositories are configured correctly run the following command:
    $ sudo zypper repos
    - If your package manager repositories are not configured correctly, you have to - configure them according to site policy. + If your package manager repositories are not configured correctly, you have to + configure them according to site policy. diff --git a/products/slmicro5/product.yml b/products/slmicro5/product.yml index 5d7b6425c57..95282f2e71b 100644 --- a/products/slmicro5/product.yml +++ b/products/slmicro5/product.yml @@ -46,5 +46,8 @@ platform_package_overrides: sssd: "sssd" passwd: "shadow" +reference_uris: + cis: 'https://www.cisecurity.org/benchmark/suse_linux/' + sysctl_remediate_drop_in_file: "true" journald_conf_dir_path: /etc/systemd/journal.conf.d diff --git a/products/slmicro5/profiles/cis.profile b/products/slmicro5/profiles/cis.profile new file mode 100644 index 00000000000..34fd6156294 --- /dev/null +++ b/products/slmicro5/profiles/cis.profile @@ -0,0 +1,23 @@ +documentation_complete: true + +metadata: + version: 1.0.0 + SMEs: + - truzzon + - rumch-se + +reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux + + +title: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5 for Level 2 - Server' + +description: |- + This profile defines a baseline that aligns to the "Level 2 - Server" + configuration from the Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 Benchmark™, v1.0.0. + + This profile includes Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 CIS Benchmarks™ content. + +selections: + - cis_slmicro5:all:l2_server diff --git a/products/slmicro5/profiles/cis_server_l1.profile b/products/slmicro5/profiles/cis_server_l1.profile new file mode 100644 index 00000000000..c666c0033ed --- /dev/null +++ b/products/slmicro5/profiles/cis_server_l1.profile 
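Review bot: The description in the new cis.profile says it aligns to Benchmark v1.0.0 and sets `documentation_complete: true`, but the control file it selects, `cis_slmicro5`, is added in this commit with `version: 'Draft'` and several controls marked `status: pending` with `rules: []`. A scan with this profile will therefore report nothing for those items, which a reader of the description would not expect. I would say so in the description, for example `Controls with status 'pending' are not yet covered by automated checks.`, or keep the wording at draft level until the pending controls are implemented. The same applies to the three other profile files added in this commit (cis_server_l1, cis_workstation_l1, cis_workstation_l2).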
@@ -0,0 +1,23 @@ +documentation_complete: true + +metadata: + version: 1.0.0 + SMEs: + - truzzon + - rumch-se + +reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux + + +title: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5 for Level 1 - Server' + +description: |- + This profile defines a baseline that aligns to the "Level 1 - Server" + configuration from the Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 Benchmark™, v1.0.0 + + This profile includes Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 CIS Benchmarks™ content. + +selections: + - cis_slmicro5:all:l1_server diff --git a/products/slmicro5/profiles/cis_workstation_l1.profile b/products/slmicro5/profiles/cis_workstation_l1.profile new file mode 100644 index 00000000000..52e9c6b0305 --- /dev/null +++ b/products/slmicro5/profiles/cis_workstation_l1.profile @@ -0,0 +1,23 @@ +documentation_complete: true + +metadata: + version: 1.0.0 + SMEs: + - truzzon + - rumch-se + +reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux + + +title: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5 for Level 1 - Workstation' + +description: |- + This profile defines a baseline that aligns to the "Level 1 - Workstation" + configuration from the Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 for Benchmark™, v1.0.0. + + This profile includes Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 CIS Benchmarks™ content. + +selections: + - cis_slmicro5:all:l1_workstation diff --git a/products/slmicro5/profiles/cis_workstation_l2.profile b/products/slmicro5/profiles/cis_workstation_l2.profile new file mode 100644 index 00000000000..607e3b89762 --- /dev/null +++ b/products/slmicro5/profiles/cis_workstation_l2.profile 
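Review bot: The description in cis_workstation_l1.profile reads `SUSE Linux Enterprise Micro (SLEM) 5 for Benchmark™, v1.0.0.`, with a stray `for` that the server profiles do not have; it should read `SUSE Linux Enterprise Micro (SLEM) 5 Benchmark™, v1.0.0.`. cis_workstation_l2.profile has the same wording. In cis_server_l1.profile the same sentence ends without the full stop that the other three profiles have.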
@@ -0,0 +1,23 @@ +documentation_complete: true + +metadata: + version: 1.0.0 + SMEs: + - truzzon + - rumch-se + +reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux + + +title: 'CIS benchmark for SUSE Linux Enterprise Micro (SLEM) 5 for Level 2 - Workstation' + +description: |- + This profile defines a baseline that aligns to the "Level 2 - Workstation" + configuration from the Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 for Benchmark™, v1.0.0. + + This profile includes Center for Internet Security® + SUSE Linux Enterprise Micro (SLEM) 5 CIS Benchmarks™ content. + +selections: + - cis_slmicro5:all:l2_workstation diff --git a/shared/applicability/oval/installed_env_has_grub2_package.xml b/shared/applicability/oval/installed_env_has_grub2_package.xml index 9b97bf7e985..01020320142 100644 --- a/shared/applicability/oval/installed_env_has_grub2_package.xml +++ b/shared/applicability/oval/installed_env_has_grub2_package.xml @@ -31,7 +31,7 @@ - {{% if product in ["sle12", "sle15"] %}}grub2{{% else %}}grub2-common{{% endif %}} + {{% if product in ["sle12", "sle15", "slmicro5"] %}}grub2{{% else %}}grub2-common{{% endif %}} {{% elif pkg_system == "dpkg" %}}