Add more rules for SLE16 ANSSI profiles

[teacup-on-rockingchair]

Description:

• Enable more rules to ANSSI related profiles for SLE16 platform

Rationale:

• Enable for sle16 rules:

  • package_sendmail_removed
  • package_kea_removed
  • service_chronyd_enabled
  • package_xinetd_removed
  • package_talk-server_removed
  • package_talk_removed
  • accounts_passwords_pam_faillock
  • accounts_password_pam_unix_rounds_password_auth
  • ensure_logrotate_activated
  • sysctl_net_ipv6_conf_all_autoconf
  • sysctl_net_ipv4_conf_all_drop_gratuitous_arp
  • mount_option_tmp_noexec
  • sysctl_kernel_unprivileged_bpf_disabled
  • sysctl_fs_protected_fifos
  • sysctl_fs_protected_regular

• Minor patch in bash_ensure_pam_module_configuration macro for SLE platform

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

bash remediation for rule 'xccdf_org.ssgproject.content_rule_ensure_logrotate_activated' differs.
--- xccdf_org.ssgproject.content_rule_ensure_logrotate_activated
+++ xccdf_org.ssgproject.content_rule_ensure_logrotate_activated
@@ -1,7 +1,8 @@
 # Remediation is applicable only in certain platforms
 if rpm --quiet -q kernel-core && { rpm --quiet -q logrotate; }; then
 
-LOGROTATE_CONF_FILE="/etc/logrotate.conf"
+LOGROTATE_CONF_FILE='/etc/logrotate.conf'
+
 
 if ! rpm -q --quiet "crontabs" ; then
     yum install -y "crontabs"