diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 0599000bedd..14e3ba5e66a 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -148,15 +148,17 @@ controls: title: A separate file system must be used for SLEM 5 user home directories (such as /home or an equivalent). - rules: [] - status: pending + rules: + - partition_for_home + status: automated - id: SLEM-05-231015 levels: - medium title: SLEM 5 must use a separate file system for /var. - rules: [] - status: pending + rules: + - partition_for_var + status: automated - id: SLEM-05-231020 levels: @@ -173,8 +175,9 @@ controls: SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed. - rules: [] - status: pending + rules: + - mount_option_nosuid_remote_filesystems + status: automated - id: SLEM-05-231030 levels: @@ -182,8 +185,9 @@ controls: title: SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed. - rules: [] - status: pending + rules: + - mount_option_noexec_remote_filesystems + status: automated - id: SLEM-05-231035 levels: @@ -191,8 +195,9 @@ controls: title: SLEM 5 file systems that are used with removable media must be mounted to prevent files with the setuid and setgid bit set from being executed. - rules: [] - status: pending + rules: + - mount_option_nosuid_removable_partitions + status: automated - id: SLEM-05-231040 levels: @@ -211,8 +216,9 @@ controls: title: SLEM 5 file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed. - rules: [] - status: pending + rules: + - mount_option_home_nosuid + status: automated - id: SLEM-05-231050 levels: 
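Review bot: In the first hunk, SLEM-05-231010 is marked `status: automated` with only `partition_for_home`, while its title accepts "/home or an equivalent". Judging by the rule name, the check looks only at the /home mount point, so a host whose interactive home directories live on another file system would not be assessed against the actual requirement. The same gap applies to `mount_option_home_nosuid` for SLEM-05-231045 in the `@@ -211,8 +216,9 @@` hunk, where the title covers every file system that contains user home directories. If the rules are limited to /home, I would record that on both controls, for example `status: partial` plus `notes: Automated check covers only the /home mount point; other home locations need manual review.` Both control entries start above their hunks, so any existing `notes:` key is not visible here.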
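Review bot: In the `@@ -191,8 +195,9 @@` hunk, SLEM-05-231035 selects `mount_option_nosuid_removable_partitions` but sets no value for the variable that names the removable device. As far as I know this rule evaluates the device given by `var_removable_partition`, so the scan falls back to whatever default that variable carries. A host whose removable media appears under a different device node could then pass without any nosuid mount being inspected. Consider pinning the value next to the rule, e.g. `- var_removable_partition=<device path chosen for this product>`, or adding a `notes:` line saying the device must be tailored per site.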
@@ -359,15 +365,17 @@ controls: levels: - medium title: All SLEM 5 files and directories must have a valid owner. - rules: [] - status: pending + rules: + - no_files_unowned_by_user + status: automated - id: SLEM-05-232095 levels: - medium title: All SLEM 5 files and directories must have a valid group owner. - rules: [] - status: pending + rules: + - file_permissions_ungroupowned + status: automated - id: SLEM-05-232100 levels: @@ -385,8 +393,9 @@ controls: title: All SLEM 5 world-writable directories must be group-owned by root, sys, bin, or an application group. - rules: [] - status: pending + rules: + - dir_perms_world_writable_system_owned_group + status: automated - id: SLEM-05-232110 levels: @@ -840,15 +849,17 @@ controls: title: All SLEM 5 local interactive user initialization files executable search paths must contain only paths that resolve to the users' home directory. - rules: [] - status: pending + rules: + - accounts_user_home_paths_only + status: automated - id: SLEM-05-411040 levels: - medium title: All SLEM 5 local initialization files must not execute world-writable programs. - rules: [] - status: pending + rules: + - accounts_user_dot_no_world_writable_programs + status: automated - id: SLEM-05-411045 levels: diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml index 5054035ec29..6673f2b5ba2 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml 
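Review bot: In the `@@ -840,15 +849,17 @@` hunk, SLEM-05-411035 and SLEM-05-411040 become `status: automated`, but the matching rule.yml changes in this commit only add a `cce@slmicro5` identifier. Nothing visible here shows that `accounts_user_home_paths_only` or `accounts_user_dot_no_world_writable_programs` ship check content that applies to this product. If either rule carries only a manual OCIL procedure, the control would report as automated while no scan result backs it. Please confirm a check exists for each; otherwise use `status: manual` for that control until one is added.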
@@ -19,6 +19,7 @@ identifiers:
 cce@rhel10: CCE-86463-7
 cce@sle12: CCE-83103-2
 cce@sle15: CCE-85636-9
+ cce@slmicro5: CCE-93794-6
 references:
 cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
index e8d7cab7863..11ef40a6463 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
@@ -17,6 +17,7 @@ identifiers:
 cce@rhel10: CCE-90504-2
 cce@sle12: CCE-83102-4
 cce@sle15: CCE-85635-1
+ cce@slmicro5: CCE-93793-8
 references:
 cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
index 8065f0085e5..ebab6010f08 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
@@ -23,6 +23,7 @@ identifiers:
 cce@rhel10: CCE-90449-0
 cce@sle12: CCE-83099-2
 cce@sle15: CCE-85632-8
+ cce@slmicro5: CCE-93790-4
 references:
 cis@sle12: 6.2.8
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
index 6d4ef3b0e9f..a59cb8c08fb 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
@@ -27,6 +27,7 @@ identifiers:
 cce@rhel10: CCE-88926-1
 cce@sle12: CCE-83098-4
 cce@sle15: CCE-85631-0
+ cce@slmicro5: CCE-93789-6
 references:
 disa: CCI-000366
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
index f40488fb9f0..7a11abcd6b4 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
@@ -23,6 +23,7 @@ identifiers:
 cce@rhel8: CCE-85886-0
 cce@sle12: CCE-83104-0
 cce@sle15: CCE-85637-7
+ cce@slmicro5: CCE-93795-3
 references:
 cis-csc: 12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 6b69dff6946..7b689e4323f 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -30,6 +30,7 @@ identifiers:
 cce@rhel10: CCE-88305-8
 cce@sle12: CCE-83073-7
 cce@sle15: CCE-85658-3
+ cce@slmicro5: CCE-93799-5
 references:
 cis-csc: 1,11,12,13,14,15,16,18,3,5
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 6d816bdd80b..b4359831c49 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -29,6 +29,7 @@ identifiers:
 cce@rhel10: CCE-89680-3
 cce@sle12: CCE-83072-9
 cce@sle15: CCE-85657-5
+ cce@slmicro5: CCE-93798-7
 references:
 cis-csc: 11,12,13,14,15,16,18,3,5,9
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index e846fd0cbfa..3205d4da718 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -21,6 +21,7 @@ identifiers:
 cce@rhel10: CCE-88987-3
 cce@sle12: CCE-83100-8
 cce@sle15: CCE-85633-6
+ cce@slmicro5: CCE-93791-2
 references:
 cis-csc: 11,13,14,3,8,9
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 07939ee195d..847ecc29632 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -25,6 +25,7 @@ identifiers:
 cce@rhel10: CCE-88078-1
 cce@sle12: CCE-83101-6
 cce@sle15: CCE-85634-4
+ cce@slmicro5: CCE-93792-0
 references:
 cis-csc: 11,12,13,14,15,16,18,3,5,8,9
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
index e683fdfbf12..4df936b80a1 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
@@ -23,6 +23,7 @@ identifiers:
 cce@rhel10: CCE-88231-6
 cce@sle12: CCE-83152-9
 cce@sle15: CCE-85639-3
+ cce@slmicro5: CCE-93796-1
 references:
 cis-csc: 12,15,8
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
index 88cda79353e..adaabdd03b5 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
@@ -22,6 +22,7 @@ identifiers:
 cce@rhel10: CCE-89166-3
 cce@sle12: CCE-83153-7
 cce@sle15: CCE-85640-1
+ cce@slmicro5: CCE-93797-9
 references:
 cis-csc: 12,15,8
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 3973c820299..9bdd0325515 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -16,17 +16,6 @@ CCE-93743-3
 CCE-93757-3
 CCE-93777-1
 CCE-93783-9
-CCE-93789-6
-CCE-93790-4
-CCE-93791-2
-CCE-93792-0
-CCE-93793-8
-CCE-93794-6
-CCE-93795-3
-CCE-93796-1
-CCE-93797-9
-CCE-93798-7
-CCE-93799-5
 CCE-93800-1
 CCE-93801-9
 CCE-93802-7