Merge pull request ComplianceAsCode#12353 from svet-se/slmicro5-stig-…

…add-accounts-and-amount-rules-support

Slmicro5 stig add accounts and amount rules support

controls/stig_slmicro5.yml

@@ -148,15 +148,17 @@ controls:
       title:
           A separate file system must be used for SLEM 5 user home directories (such
           as /home or an equivalent).
-      rules: []
-      status: pending
+      rules:
+          - partition_for_home
+      status: automated
 
     - id: SLEM-05-231015
       levels:
           - medium
       title: SLEM 5 must use a separate file system for /var.
-      rules: []
-      status: pending
+      rules:
+          - partition_for_var
+      status: automated
 
     - id: SLEM-05-231020
       levels:
@@ -173,26 +175,29 @@ controls:
           SLEM 5 file systems that are being imported via Network File System (NFS)
           must be mounted to prevent files with the setuid and setgid bit set from being
           executed.
-      rules: []
-      status: pending
+      rules:
+          - mount_option_nosuid_remote_filesystems
+      status: automated
 
     - id: SLEM-05-231030
       levels:
           - medium
       title:
           SLEM 5 file systems that are being imported via Network File System (NFS)
           must be mounted to prevent binary files from being executed.
-      rules: []
-      status: pending
+      rules:
+          - mount_option_noexec_remote_filesystems
+      status: automated
 
     - id: SLEM-05-231035
       levels:
           - medium
       title:
           SLEM 5 file systems that are used with removable media must be mounted to
           prevent files with the setuid and setgid bit set from being executed.
-      rules: []
-      status: pending
+      rules:
+          - mount_option_nosuid_removable_partitions
+      status: automated
 
     - id: SLEM-05-231040
       levels:
@@ -211,8 +216,9 @@ controls:
       title:
           SLEM 5 file systems that contain user home directories must be mounted to
           prevent files with the setuid and setgid bit set from being executed.
-      rules: []
-      status: pending
+      rules:
+          - mount_option_home_nosuid
+      status: automated
 
     - id: SLEM-05-231050
       levels:
@@ -359,15 +365,17 @@ controls:
       levels:
           - medium
       title: All SLEM 5 files and directories must have a valid owner.
-      rules: []
-      status: pending
+      rules:
+          - no_files_unowned_by_user
+      status: automated
 
     - id: SLEM-05-232095
       levels:
           - medium
       title: All SLEM 5 files and directories must have a valid group owner.
-      rules: []
-      status: pending
+      rules:
+          - file_permissions_ungroupowned
+      status: automated
 
     - id: SLEM-05-232100
       levels:
@@ -385,8 +393,9 @@ controls:
       title:
           All SLEM 5 world-writable directories must be group-owned by root, sys, bin,
           or an application group.
-      rules: []
-      status: pending
+      rules:
+          - dir_perms_world_writable_system_owned_group
+      status: automated
 
     - id: SLEM-05-232110
       levels:
@@ -840,15 +849,17 @@ controls:
       title:
           All SLEM 5 local interactive user initialization files executable search
           paths must contain only paths that resolve to the users' home directory.
-      rules: []
-      status: pending
+      rules:
+          - accounts_user_home_paths_only
+      status: automated
 
     - id: SLEM-05-411040
       levels:
           - medium
       title: All SLEM 5 local initialization files must not execute world-writable programs.
-      rules: []
-      status: pending
+      rules:
+          - accounts_user_dot_no_world_writable_programs
+      status: automated
 
     - id: SLEM-05-411045
       levels:

linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml

@@ -19,6 +19,7 @@ identifiers:
     cce@rhel10: CCE-86463-7
     cce@sle12: CCE-83103-2
     cce@sle15: CCE-85636-9
+    cce@slmicro5: CCE-93794-6
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5

linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml

@@ -17,6 +17,7 @@ identifiers:
     cce@rhel10: CCE-90504-2
     cce@sle12: CCE-83102-4
     cce@sle15: CCE-85635-1
+    cce@slmicro5: CCE-93793-8
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5

linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml

@@ -23,6 +23,7 @@ identifiers:
     cce@rhel10: CCE-90449-0
     cce@sle12: CCE-83099-2
     cce@sle15: CCE-85632-8
+    cce@slmicro5: CCE-93790-4
 
 references:
     cis@sle12: 6.2.8

linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml

@@ -27,6 +27,7 @@ identifiers:
     cce@rhel10: CCE-88926-1
     cce@sle12: CCE-83098-4
     cce@sle15: CCE-85631-0
+    cce@slmicro5: CCE-93789-6
 
 references:
     disa: CCI-000366

linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml

@@ -23,6 +23,7 @@ identifiers:
     cce@rhel8: CCE-85886-0
     cce@sle12: CCE-83104-0
     cce@sle15: CCE-85637-7
+    cce@slmicro5: CCE-93795-3
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5

linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml

@@ -30,6 +30,7 @@ identifiers:
     cce@rhel10: CCE-88305-8
     cce@sle12: CCE-83073-7
     cce@sle15: CCE-85658-3
+    cce@slmicro5: CCE-93799-5
 
 references:
     cis-csc: 1,11,12,13,14,15,16,18,3,5

linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml

@@ -29,6 +29,7 @@ identifiers:
     cce@rhel10: CCE-89680-3
     cce@sle12: CCE-83072-9
     cce@sle15: CCE-85657-5
+    cce@slmicro5: CCE-93798-7
 
 references:
     cis-csc: 11,12,13,14,15,16,18,3,5,9

linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml

@@ -21,6 +21,7 @@ identifiers:
     cce@rhel10: CCE-88987-3
     cce@sle12: CCE-83100-8
     cce@sle15: CCE-85633-6
+    cce@slmicro5: CCE-93791-2
 
 references:
     cis-csc: 11,13,14,3,8,9

linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml

@@ -25,6 +25,7 @@ identifiers:
     cce@rhel10: CCE-88078-1
     cce@sle12: CCE-83101-6
     cce@sle15: CCE-85634-4
+    cce@slmicro5: CCE-93792-0
 
 references:
     cis-csc: 11,12,13,14,15,16,18,3,5,8,9

linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml

@@ -23,6 +23,7 @@ identifiers:
     cce@rhel10: CCE-88231-6
     cce@sle12: CCE-83152-9
     cce@sle15: CCE-85639-3
+    cce@slmicro5: CCE-93796-1
 
 references:
     cis-csc: 12,15,8

linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml

@@ -22,6 +22,7 @@ identifiers:
     cce@rhel10: CCE-89166-3
     cce@sle12: CCE-83153-7
     cce@sle15: CCE-85640-1
+    cce@slmicro5: CCE-93797-9
 
 references:
     cis-csc: 12,15,8

shared/references/cce-slmicro5-avail.txt

@@ -16,17 +16,6 @@ CCE-93743-3
 CCE-93757-3
 CCE-93777-1
 CCE-93783-9
-CCE-93789-6
-CCE-93790-4
-CCE-93791-2
-CCE-93792-0
-CCE-93793-8
-CCE-93794-6
-CCE-93795-3
-CCE-93796-1
-CCE-93797-9
-CCE-93798-7
-CCE-93799-5
 CCE-93800-1
 CCE-93801-9
 CCE-93802-7