Merge pull request #12580 from svet-se/update-sle12-stig-version-to-v3r1

Update SLE12 STIG version to V3R1
ComplianceAsCode · Nov 6, 2024 · 3a3c3b5 · 3a3c3b5
2 parents 9b736e5 + 0c7df6c
commit 3a3c3b5
Show file tree

Hide file tree

Showing 8 changed files with 283 additions and 324 deletions.
diff --git a/...ounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml b/...ounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember/rule.yml
@@ -30,7 +30,6 @@ references:
     disa: CCI-000200
     nist@sle12: IA-5(1)(e),IA-5 (1).1(v)
     srg: SRG-OS-000077-GPOS-00045
-    stigid@sle12: SLES-12-010310
 
 ocil_clause: |-
      the value of remember is not set equal to or greater than {{{ xccdf_value("var_password_pam_remember") }}}

diff --git a/...ns/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml b/...ns/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_slmicro
+# platform = multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low

diff --git a/...ssions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh b/...ssions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_slmicro
+# platform = multi_platform_slmicro
 
 # Create /etc/security/opasswd if needed
 # Owner group mode root.root 0600

diff --git a/.../permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml b/.../permissions/files/permissions_important_account_files/file_etc_security_opasswd/rule.yml
@@ -25,7 +25,6 @@ references:
     disa: CCI-000200
     nist@sle12: IA-5(1)(e),IA-5(1).1(v)
     srg: SRG-OS-000077-GPOS-00045
-    stigid@sle12: SLES-12-010300
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/etc/security/opasswd", owner="root") }}} and {{{ ocil_clause_file_group_owner(file="/etc/security/opasswd", group="root") }}} and {{{ ocil_clause_file_permissions(file="/etc/security/opasswd", perms="0600") }}}'
 

diff --git a/.../mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/.../mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
@@ -24,7 +24,6 @@ references:
     disa: CCI-001263,CCI-000366
     nist: SI-2(2)
     srg: SRG-OS-000191-GPOS-00080
-    stigid@sle12: SLES-12-010599
 
 ocil_clause: 'virus scanning software is not running'
 

diff --git a/...e_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/...e_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
@@ -34,7 +34,6 @@ references:
     nist: SI-2(2)
     srg: SRG-OS-000191-GPOS-00080
     stigid@rhel8: RHEL-08-010001
-    stigid@sle12: SLES-12-010599
     stigid@ubuntu2004: UBTU-20-010415
 
 ocil_clause: 'the package is not installed'

diff --git a/products/sle12/profiles/stig.profile b/products/sle12/profiles/stig.profile
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 metadata:
-    version: V2R13
+    version: V3R1
     SMEs:
         - abergmann
 
@@ -11,22 +11,21 @@ title: 'DISA STIG for SUSE Linux Enterprise 12'
 
 description: |-
     This profile contains configuration checks that align to the
-    DISA STIG for SUSE Linux Enterprise 12 V2R13.
+    DISA STIG for SUSE Linux Enterprise 12 V3R1.
 
 selections:
     - sshd_approved_macs=stig
     - sshd_approved_ciphers=stig
     - var_account_disable_post_pw_expiration=35
     - var_accounts_fail_delay=4
-    - var_accounts_tmout=15_min
+    - var_accounts_tmout=10_min
     - inactivity_timeout_value=15_minutes
     - var_password_pam_dcredit=1
     - var_password_pam_delay=4000000
     - var_password_pam_difok=8
     - var_password_pam_lcredit=1
     - var_password_pam_minlen=15
     - var_password_pam_ocredit=1
-    - var_password_pam_remember=5
     - var_password_pam_retry=3
     - var_password_pam_ucredit=1
     - var_accounts_maximum_age_login_defs=60
@@ -59,7 +58,6 @@ selections:
     - accounts_password_all_shadowed_sha512
     - accounts_passwords_pam_faildelay_delay
     - accounts_passwords_pam_tally2
-    - accounts_password_pam_pwhistory_remember
     - accounts_password_set_max_life_existing
     - accounts_password_set_min_life_existing
     - accounts_tmout
@@ -70,7 +68,6 @@ selections:
     - accounts_user_interactive_home_directory_defined
     - accounts_user_interactive_home_directory_exists
     - account_temp_expire_date
-    - agent_mfetpd_running
     - aide_build_database
     - aide_check_audit_tools
     - aide_periodic_cron_checking
@@ -182,7 +179,6 @@ selections:
     - encrypt_partitions
     - ensure_gpgcheck_globally_activated
     - ensure_rtc_utc_configuration
-    - file_etc_security_opasswd
     - file_groupownership_home_directories
     - file_groupownership_system_commands_dirs
     - file_ownership_binary_dirs
@@ -223,7 +219,6 @@ selections:
     - package_audit-audispd-plugins_installed
     - package_audit_installed
     - package_mailx_installed
-    - package_mcafeetp_installed
     - package_pam_apparmor_installed
     - package_SuSEfirewall2_installed
     - package_telnet-server_removed

diff --git a/...es/disa-stig-sle12-v2r13-xccdf-manual.xml → ...ces/disa-stig-sle12-v3r1-xccdf-manual.xml b/...es/disa-stig-sle12-v2r13-xccdf-manual.xml → ...ces/disa-stig-sle12-v3r1-xccdf-manual.xml