Merge pull request #12570 from svet-se/update-sle15-stig-version-to-v2r2

Update SLE15 STIG version to V2R2
ComplianceAsCode · Nov 5, 2024 · bf70996 · bf70996
2 parents 40c2426 + f6f7400
commit bf70996
Show file tree

Hide file tree

Showing 6 changed files with 97 additions and 106 deletions.
diff --git a/...ng/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/ansible/shared.yml b/...ng/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 7,Red Hat Virtualization 4,multi_platform_sle,multi_platform_slmicro
+# platform = Oracle Linux 7,Red Hat Virtualization 4,SUSE Linux Enterprise 12,multi_platform_slmicro
 # reboot = false
 # complexity = low
 # disruption = low

diff --git a/...diting/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/...diting/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
@@ -1,7 +1,7 @@
 # platform = multi_platform_all
 
 AUDISP_REMOTE_CONFIG="{{{ audisp_conf_path }}}/audisp-remote.conf"
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
 option="^transport"
 value="KRB5"
 {{% else %}}

diff --git a/...iting/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/...iting/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
@@ -2,7 +2,7 @@
 
 <def-group>
   <definition class="compliance" id="auditd_audispd_encrypt_sent_records" version="1">
-    {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+    {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
     {{{ oval_metadata("transport setting in " + audisp_config_file_path + " is set to 'KRB5'") }}}
     {{% else %}}
     {{{ oval_metadata("enable_krb5 setting in " + audisp_config_file_path + " is set to 'yes'") }}}
@@ -22,7 +22,7 @@
     <ind:filepath>{{{ audisp_config_file_path }}}</ind:filepath>
     <!-- Allow only space (exactly) as delimiter -->
     <!-- Require at least one space before and after the equal sign -->
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
     <ind:pattern operation="pattern match">^[ ]*transport[ ]+=[ ]+KRB5[ ]*$</ind:pattern>
 {{% else %}}
     <ind:pattern operation="pattern match">^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$</ind:pattern>

diff --git a/...ide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/...ide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -6,7 +6,7 @@ title: 'Encrypt Audit Records Sent With audispd Plugin'
 description: |-
     Configure the operating system to encrypt the transfer of off-loaded audit
     records onto a different system or media from the system being audited.
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
     Set the <tt>transport</tt> option in <pre>{{{ audisp_conf_path }}}/audisp-remote.conf</pre>
     to <tt>KRB5</tt>.
 {{% else %}}
@@ -43,7 +43,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
 ocil: |-
     To verify the audispd plugin encrypts audit records off-loaded onto a different
     system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
     <pre>$ sudo grep -i transport {{{ audisp_conf_path }}}/audisp-remote.conf</pre>
     The output should return the following:
     <pre>transport = KRB5</pre>
@@ -55,7 +55,7 @@ ocil: |-
 
 fixtext: |-
     Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin.
-{{% if product in ["fedora", "ol8", "ol9", "rhv4"] or "rhel" in product %}}
+{{% if product in ["fedora", "ol8", "ol9", "rhv4", "sle15"] or "rhel" in product %}}
     Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5".
 {{% else %}}
     Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf",

diff --git a/products/sle15/profiles/stig.profile b/products/sle15/profiles/stig.profile
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 metadata:
-    version: V2R1
+    version: V2R2
     SMEs:
         - abergmann
 
@@ -11,13 +11,13 @@ title: 'DISA STIG for SUSE Linux Enterprise 15'
 
 description: |-
     This profile contains configuration checks that align to the
-    DISA STIG for SUSE Linux Enterprise 15 V2R1.
+    DISA STIG for SUSE Linux Enterprise 15 V2R2.
 
 
 selections:
     - var_account_disable_post_pw_expiration=35
     - var_accounts_fail_delay=4
-    - var_accounts_tmout=15_min
+    - var_accounts_tmout=10_min
     - inactivity_timeout_value=15_minutes
     - var_password_pam_dcredit=1
     - var_password_pam_lcredit=1

diff --git a/...ces/disa-stig-sle15-v2r1-xccdf-manual.xml → ...ces/disa-stig-sle15-v2r2-xccdf-manual.xml b/...ces/disa-stig-sle15-v2r1-xccdf-manual.xml → ...ces/disa-stig-sle15-v2r2-xccdf-manual.xml