diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index bf0bd48403dc..c359d10a7564 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@sle12: SLES-12-020460
- stigid@sle15: SLES-15-030290
ocil_clause: 'the system is not configured to audit permission changes'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index d25df1bbd7d3..71b8b9cd9a78 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@sle12: SLES-12-020420
- stigid@sle15: SLES-15-030250
{{{ complete_ocil_entry_audit_syscall(syscall="chown") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index eaac617a07c7..96b83a58a929 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -56,7 +56,6 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@sle12: SLES-12-020460
- stigid@sle15: SLES-15-030290
{{{ complete_ocil_entry_audit_syscall(syscall="fchmod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index e947bb93ef8d..a569528ec071 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@sle12: SLES-12-020460
- stigid@sle15: SLES-15-030290
{{{ complete_ocil_entry_audit_syscall(syscall="fchmodat") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 5f260a163ff8..1ad364fb717a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -58,7 +58,6 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@sle12: SLES-12-020420
- stigid@sle15: SLES-15-030250
{{{ complete_ocil_entry_audit_syscall(syscall="fchown") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index ced1e57df1d8..1361dbe3be5d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@sle12: SLES-12-020420
- stigid@sle15: SLES-15-030250
{{{ complete_ocil_entry_audit_syscall(syscall="fchownat") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index 9c142b436839..93d7698e8216 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -73,7 +73,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="fremovexattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 2f8460a1475f..3ca88c4b2fd1 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -67,7 +67,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="fsetxattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 71228638c5b7..1205fe57cb5c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -59,7 +59,6 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@sle12: SLES-12-020420
- stigid@sle15: SLES-15-030250
{{{ complete_ocil_entry_audit_syscall(syscall="lchown") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index 74af5cb4a474..d4b352cc6c1b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -72,7 +72,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="lremovexattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index d1c6b36cfe18..9f606707d3d1 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -67,7 +67,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="lsetxattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index f66be4ce29f9..d28bce273e24 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -71,7 +71,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="removexattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 24c5c5128f12..e9b0e54f6220 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -67,7 +67,6 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@sle12: SLES-12-020370
- stigid@sle15: SLES-15-030190
{{{ complete_ocil_entry_audit_syscall(syscall="setxattr") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
index 5615f21a3b85..d95c0e113e52 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount/rule.yml
@@ -35,7 +35,6 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@sle12: SLES-12-020300
- stigid@sle15: SLES-15-030360
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
index 6d3821a97db7..c9721e260a56 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_umount2/rule.yml
@@ -40,7 +40,6 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@sle12: SLES-12-020300
- stigid@sle15: SLES-15-030360
{{{ complete_ocil_entry_audit_syscall(syscall="umount2") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
index 2d545e951385..46c16dfd003f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
@@ -30,7 +30,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030570
stigid@sle12: SLES-12-020620
- stigid@sle15: SLES-15-030440
{{{ ocil_fix_srg_privileged_command("chacl", "/usr/bin/", "perm_mod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml
index d1291a88c512..8fe1302e271b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml
@@ -27,7 +27,6 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@sle12: SLES-12-020600
- stigid@sle15: SLES-15-030420
ocil: |-
To verify that execution of the command is being audited, run the following command:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
index 56b841cb2fcb..c9a7cd950019 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
@@ -29,7 +29,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030330
stigid@sle12: SLES-12-020610
- stigid@sle15: SLES-15-030430
{{{ ocil_fix_srg_privileged_command("setfacl", "/usr/bin/", "perm_mod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index 46c526ac68f7..9ba329f94c42 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol7: OL07-00-030580
stigid@ol8: OL08-00-030260
stigid@sle12: SLES-12-020630
- stigid@sle15: SLES-15-030450
{{{ ocil_fix_srg_privileged_command("chcon", "/usr/bin/", "perm_mod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml
index f44a5385e761..d4b221cfa8a2 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml
@@ -27,7 +27,6 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@sle12: SLES-12-020640
- stigid@sle15: SLES-15-030460
ocil: |-
To verify that execution of the command is being audited, run the following command:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index 24bbb5c20e6a..c563651b4d4e 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -62,7 +62,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("creat", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index 2028094a96f3..c3df4964cb97 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -62,7 +62,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("ftruncate", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index fe58f9ccd263..15861002b09b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -66,7 +66,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("open", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index 71a6883e4cd1..0f2584da7c21 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -56,7 +56,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("open_by_handle_at", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index 60f10c9d79ba..1fb647e1a7db 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -62,7 +62,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("openat", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
index a8fa3b592b4b..f6979d523457 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
@@ -53,7 +53,6 @@ references:
pcidss: Req-10.2.4,Req-10.2.1
srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000468-GPOS-00212,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@sle12: SLES-12-020411
- stigid@sle15: SLES-15-030740
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("rename", "unsuccessful-delete") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
index e1aafd60d663..ed1576ab8dc9 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
@@ -59,7 +59,6 @@ references:
pcidss: Req-10.2.4,Req-10.2.1
srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000468-GPOS-00212,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@sle12: SLES-12-020411
- stigid@sle15: SLES-15-030740
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("renameat", "unsuccessful-delete") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat2/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat2/rule.yml
index 8597ce55eec9..1baaf6ce2999 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat2/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat2/rule.yml
@@ -5,11 +5,11 @@ title: 'Record Unsuccessful Delete Attempts to Files - renameat2' description: |- The operating system must generate audit records for all uses of the renameat2 system call. - Without generating audit records specific to the security and mission needs of the organization, it would be + Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). - Add or update the following lines to /etc/audit/rules.d/audit.rules to configure the operating system to generate - an audit record for all uses of the renameat2 system call: + Add or update the following lines to /etc/audit/rules.d/audit.rules to configure the operating system to generate + an audit record for all uses of the renameat2 system call:
-a always,exit -F arch=b32 -S renameat2 -F auid>={{{ uid_min }}} -F auid!=-1 -k perm_mod
-a always,exit -F arch=b64 -S renameat2 -F auid>={{{ uid_min }}} -F auid!=-1 -k perm_mod
@@ -26,7 +26,6 @@ identifiers:
references:
nist@sle15: AU-12(c),AU-12.1(iv)
srg: SRG-OS-000468-GPOS-00212
- stigid@sle15: SLES-15-030740
{{{ complete_ocil_entry_audit_unsuccessful_syscall(syscall="renameat2") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index 7f24feabc8e3..4dd4e9aa01df 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -61,7 +61,6 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@sle12: SLES-12-020490
- stigid@sle15: SLES-15-030150
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("truncate", "access") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
index bfb9b645fd48..b8a8bde22990 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
@@ -65,7 +65,6 @@ references:
pcidss: Req-10.2.4,Req-10.2.1
srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000468-GPOS-00212,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@sle12: SLES-12-020411
- stigid@sle15: SLES-15-030740
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("unlink", "unsuccessful-delete") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
index 1511b5a81fe8..242daceadf10 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
@@ -62,7 +62,6 @@ references:
pcidss: Req-10.2.4,Req-10.2.1
srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000468-GPOS-00212,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270
stigid@sle12: SLES-12-020411
- stigid@sle15: SLES-15-030740
ocil: |-
{{{ ocil_audit_rules_unsuccessful_file_modification("unlinkat", "unsuccessful-delete") | indent(4) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 25f668b942e6..532b63321448 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol7: OL07-00-030830
stigid@ol8: OL08-00-030390
stigid@sle12: SLES-12-020730
- stigid@sle15: SLES-15-030520
{{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index 4117218a3287..46880f6833fd 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -40,7 +40,6 @@ references:
stigid@ol7: OL07-00-030820
stigid@ol8: OL08-00-030360
stigid@sle12: SLES-12-020740
- stigid@sle15: SLES-15-030530
{{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index 2947c3fe297e..b6eefe06ed29 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol7: OL07-00-030820
stigid@ol8: OL08-00-030360
stigid@sle12: SLES-12-020740
- stigid@sle15: SLES-15-030530
{{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index 6fb6c3cca539..2e1a28d286a8 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol7: OL07-00-030620
stigid@ol8: OL08-00-030600
stigid@sle12: SLES-12-020660
- stigid@sle15: SLES-15-030480
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
index b4f178c19111..07fdf2a2e701 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
@@ -39,7 +39,6 @@ references:
pcidss: Req-10.2.3
srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275
stigid@sle12: SLES-12-020650
- stigid@sle15: SLES-15-030470
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index cf71821e6937..89ede770ae94 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-030660
stigid@ol8: OL08-00-030250
stigid@sle12: SLES-12-020690
- stigid@sle15: SLES-15-030120
{{{ ocil_fix_srg_privileged_command("chage") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
index 7bb2ee7bf5e5..1aedae1806c3 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chfn/rule.yml
@@ -26,7 +26,6 @@ identifiers:
references:
nist: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
stigid@sle12: SLES-12-020280
- stigid@sle15: SLES-15-030340
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index db76114e7c52..685d4fde3fa3 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-030720
stigid@ol8: OL08-00-030410
stigid@sle12: SLES-12-020580
- stigid@sle15: SLES-15-030100
{{{ ocil_fix_srg_privileged_command("chsh") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index bed9679415a5..990a6f0a037c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-030800
stigid@ol8: OL08-00-030400
stigid@sle12: SLES-12-020710
- stigid@sle15: SLES-15-030130
{{{ ocil_fix_srg_privileged_command("crontab") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 3e6b252e92c8..aded41a6b1ca 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-030650
stigid@ol8: OL08-00-030370
stigid@sle12: SLES-12-020560
- stigid@sle15: SLES-15-030080
{{{ ocil_fix_srg_privileged_command("gpasswd") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
index 6b2f502687d1..a4bcb4689174 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -39,7 +39,6 @@ references:
cis@sle15: 4.1.16
nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
- stigid@sle15: SLES-15-030380
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
index 4d321ba3a10a..78aad6361769 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
@@ -32,7 +32,6 @@ references:
stigid@ol7: OL07-00-030840
stigid@ol8: OL08-00-030580
stigid@sle12: SLES-12-020360
- stigid@sle15: SLES-15-030410
{{{ ocil_fix_srg_privileged_command("kmod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index 4ccc58df4968..d01767bbd54d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -43,7 +43,6 @@ references:
cis@sle15: 4.1.16
nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
- stigid@sle15: SLES-15-030400
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index 2c62fc261037..b1754b93d7df 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-030710
stigid@ol8: OL08-00-030350
stigid@sle12: SLES-12-020570
- stigid@sle15: SLES-15-030090
{{{ ocil_fix_srg_privileged_command("newgrp") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 1d5bc10c572b..078aeb86a920 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -50,7 +50,6 @@ references:
stigid@ol7: OL07-00-030810
stigid@ol8: OL08-00-030340
stigid@sle12: SLES-12-020720
- stigid@sle15: SLES-15-030510
{{% if product not in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
{{{ ocil_fix_srg_privileged_command("pam_timestamp_check", "/usr/sbin/") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passmass/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passmass/rule.yml
index 34d8c9bc20d4..183af2589520 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passmass/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passmass/rule.yml
@@ -27,7 +27,6 @@ references:
nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015
stigid@sle12: SLES-12-020670
- stigid@sle15: SLES-15-030490
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index 641ae6b92b5f..4acca3afa661 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-030630
stigid@ol8: OL08-00-030290
stigid@sle12: SLES-12-020550
- stigid@sle15: SLES-15-030070
{{{ ocil_fix_srg_privileged_command("passwd") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
index 40f76e0fcbea..70a02c49991a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -39,7 +39,6 @@ references:
cis@sle15: 4.1.16
nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
- stigid@sle15: SLES-15-030390
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index c837ce565cfb..556889ead2a9 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030280
stigid@sle12: SLES-12-020310
- stigid@sle15: SLES-15-030370
{{{ ocil_fix_srg_privileged_command("ssh-agent") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index 1272c7f12834..9dd913d31d2f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030780
stigid@ol8: OL08-00-030320
stigid@sle12: SLES-12-020320
- stigid@sle15: SLES-15-030060
{{{ ocil_fix_srg_privileged_command("ssh-keysign", ssh_keysign_path) }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index b06051b91eb8..23ef16dd74e4 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol7: OL07-00-030680
stigid@ol8: OL08-00-030190
stigid@sle12: SLES-12-020250
- stigid@sle15: SLES-15-030550
{{{ ocil_fix_srg_privileged_command("su") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index f6ff8c742532..eb0dbd52a02e 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol7: OL07-00-030690
stigid@ol8: OL08-00-030550
stigid@sle12: SLES-12-020260
- stigid@sle15: SLES-15-030560
{{{ ocil_fix_srg_privileged_command("sudo") }}}
template:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index b759481795fa..cad432585f78 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -41,7 +41,6 @@ references:
nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.PT-1
nist@sle15: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235,SRG-OS-000755-GPOS-00220
- stigid@sle15: SLES-15-030330
{{{ ocil_fix_srg_privileged_command("sudoedit") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix2_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix2_chkpwd/rule.yml
index 79d46e355833..daf3ab9d1524 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix2_chkpwd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix2_chkpwd/rule.yml
@@ -40,7 +40,6 @@ references:
nist: AC-2(4),AU-2(d),AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(ii),AU-12.1(iv),AC-6(9),CM-6(a),MA-4(1)(a)
nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.PT-1
srg: SRG-OS-000042-GPOS-00020,SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215,SRG-OS-000037-GPOS-00015
- stigid@sle15: SLES-15-030110
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
index e6232d15e0ec..7ea79357ec34 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
@@ -52,7 +52,6 @@ references:
stigid@ol7: OL07-00-030640
stigid@ol8: OL08-00-030317
stigid@sle12: SLES-12-020680
- stigid@sle15: SLES-15-030110
{{{ ocil_fix_srg_privileged_command("unix_chkpwd") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index a11911aa46bb..5e5db6abfde2 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030560
stigid@sle12: SLES-12-020700
- stigid@sle15: SLES-15-030500
{{{ ocil_fix_srg_privileged_command("usermod") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
index 73892895915f..f166c2ac0612 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/rule.yml
@@ -27,7 +27,6 @@ references:
nist@sle15: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@sle12: SLES-12-020199
- stigid@sle15: SLES-15-030820
ocil_clause: 'syscall auditing is still disabled'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_etc_cron_d/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_etc_cron_d/rule.yml
index ee6310e4b4ac..a99495e5f445 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_etc_cron_d/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_etc_cron_d/rule.yml
@@ -25,7 +25,6 @@ identifiers:
references:
srg: SRG-OS-000471-GPOS-00215
stigid@ol8: OL08-00-030645
- stigid@sle15: SLES-15-030015
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
index 34878e01a7eb..26d66e2637a5 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030740
stigid@ol8: OL08-00-030302
stigid@sle12: SLES-12-020290
- stigid@sle15: SLES-15-030350
{{{ complete_ocil_entry_audit_syscall(syscall="mount") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
index 0abf1d04bff6..83bfc83dfa07 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_btmp/rule.yml
@@ -27,7 +27,6 @@ references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
nist: AU-12(c),AU-12.1(iv)
srg: SRG-OS-000472-GPOS-00217
- stigid@sle15: SLES-15-030780
ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
index 9b6006221f70..700af289abff 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_utmp/rule.yml
@@ -27,7 +27,6 @@ references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
nist: AU-12(c),AU-12.1(iv)
srg: SRG-OS-000472-GPOS-00217
- stigid@sle15: SLES-15-030760
ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
index 8123c1cf0486..37c025ce1f0c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events_wtmp/rule.yml
@@ -27,7 +27,6 @@ references:
hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.312(b),164.312(d),164.312(e)
nist: AU-12(c),AU-12.1(iv)
srg: SRG-OS-000472-GPOS-00217
- stigid@sle15: SLES-15-030770
ocil_clause: 'Audit rule is not present'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
index 6c5ecb7c051b..dbb71bf09081 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030360
stigid@ol8: OL08-00-030000
stigid@sle12: SLES-12-020240
- stigid@sle15: SLES-15-030640
warnings:
- general: |-
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
index afbf92bad9f3..dd5d67cccb85 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml
@@ -40,7 +40,6 @@ references:
pcidss: Req-10.2.2,Req-10.2.5.b
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000026-CTR-000070,SRG-APP-000027-CTR-000075,SRG-APP-000028-CTR-000080,SRG-APP-000291-CTR-000675,SRG-APP-000292-CTR-000680,SRG-APP-000293-CTR-000685,SRG-APP-000294-CTR-000690,SRG-APP-000319-CTR-000745,SRG-APP-000320-CTR-000750,SRG-APP-000509-CTR-001305
stigid@ol7: OL07-00-030700
- stigid@sle15: SLES-15-030140
ocil_clause: 'there is not output'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 2cb871c443a5..e0fdb636d9d0 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-030871
stigid@ol8: OL08-00-030170
stigid@sle12: SLES-12-020210
- stigid@sle15: SLES-15-030010
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 8a516287c055..a2a90e4ef448 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -42,7 +42,6 @@ references:
stigid@ol7: OL07-00-030872
stigid@ol8: OL08-00-030160
stigid@sle12: SLES-12-020590
- stigid@sle15: SLES-15-030040
ocil_clause: 'the system is not configured to audit account changes'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index fefa3e9986db..0220ee822f6e 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -44,7 +44,6 @@ references:
stigid@ol7: OL07-00-030874
stigid@ol8: OL08-00-030140
stigid@sle12: SLES-12-020230
- stigid@sle15: SLES-15-030030
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index 6ce2b2440e2d..fbc56cd1e9d3 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-030870
stigid@ol8: OL08-00-030150
stigid@sle12: SLES-12-020200
- stigid@sle15: SLES-15-030000
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index f2d70b0ad6db..c2635f61b69b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-030873
stigid@ol8: OL08-00-030130
stigid@sle12: SLES-12-020220
- stigid@sle15: SLES-15-030020
ocil_clause: 'command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_var_spool_cron/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_var_spool_cron/rule.yml
index 52ea2600f43d..256de8d5e40f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_var_spool_cron/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_var_spool_cron/rule.yml
@@ -21,7 +21,6 @@ identifiers:
references:
srg: SRG-OS-000363-GPOS-00150,SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201
stigid@ol8: OL08-00-030645
- stigid@sle15: SLES-15-030015
ocil_clause: 'command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
index 75fa45032f97..96377ee9f4fd 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol7: OL07-00-030300
stigid@sle12: SLES-12-020090
- stigid@sle15: SLES-15-030690
ocil_clause: 'audispd is not sending logs to a remote system'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
index a1de9a5f04ec..ac6a3f8b1d46 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
@@ -49,7 +49,6 @@ references:
srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
stigid@ol8: OL08-00-030660
stigid@sle12: SLES-12-020020
- stigid@sle15: SLES-15-030660
ocil_clause: 'audispd is not sending logs to a remote system and the local partition has inadequate space'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
index d6550b17d4dc..0450e1257133 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
@@ -32,7 +32,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol7: OL07-00-030320
stigid@sle12: SLES-12-020110
- stigid@sle15: SLES-15-030800
ocil_clause: 'the system is not configured to switch to single user mode for corrective action'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
index 392f1d108eca..e58ffbc190cc 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol7: OL07-00-030310
stigid@sle12: SLES-12-020080
- stigid@sle15: SLES-15-030680
ocil_clause: 'audispd is not encrypting audit records when sent over the network'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
index a0b72828507b..9699111745fa 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol7: OL07-00-030321
stigid@sle12: SLES-12-020100
- stigid@sle15: SLES-15-030790
ocil_clause: 'the system is not configured to switch to single user mode for corrective action'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
index 1a082a24dd21..474732a91f3e 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
@@ -50,7 +50,6 @@ references:
srg: SRG-OS-000047-GPOS-00023
stigid@ol8: OL08-00-030060
stigid@sle12: SLES-12-020060
- stigid@sle15: SLES-15-030590
ocil_clause: there is no evidence of appropriate action
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
index 89d28223895a..0ad31052f022 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol7: OL07-00-030350
stigid@ol8: OL08-00-030020
stigid@sle12: SLES-12-020040
- stigid@sle15: SLES-15-030570
ocil_clause: 'the value of the "action_mail_acct" keyword is not set to "{{{ xccdf_value("var_auditd_action_mail_acct") }}}" and/or other accounts for security personnel, the "action_mail_acct" keyword is missing, or the returned line is commented out, ask the system administrator to indicate how they and the ISSO are notified of an audit process failure. If there is no evidence of the proper personnel being notified of an audit processing failure'
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
index b0142a0ae32f..14c366e67f49 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
@@ -39,7 +39,6 @@ references:
pcidss: Req-10.7
srg: SRG-OS-000343-GPOS-00134
stigid@sle12: SLES-12-020030
- stigid@sle15: SLES-15-030700
ocil_clause: 'the system is not configured a specific size in MB to notify administrators of an issue'
diff --git a/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml
index 7cce12f50fee..b2e539a90b9c 100644
--- a/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml
@@ -25,7 +25,6 @@ references:
pcidss: Req-10.5.3
srg: SRG-OS-000342-GPOS-00133
stigid@sle12: SLES-12-020070
- stigid@sle15: SLES-15-030670
template:
name: package_installed
diff --git a/linux_os/guide/auditing/package_audit_installed/rule.yml b/linux_os/guide/auditing/package_audit_installed/rule.yml
index 47f71637a7a2..99a5b4b50ead 100644
--- a/linux_os/guide/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/auditing/package_audit_installed/rule.yml
@@ -31,7 +31,6 @@ references:
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
stigid@ol8: OL08-00-030180
stigid@sle12: SLES-12-020000
- stigid@sle15: SLES-15-030650
{{{ complete_ocil_entry_package_installed("audit") }}}
diff --git a/linux_os/guide/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
index eed3adb9361c..9e2d7467b6d5 100644
--- a/linux_os/guide/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-030000
stigid@ol8: OL08-00-030181
stigid@sle12: SLES-12-020010
- stigid@sle15: SLES-15-030050
ocil_clause: 'the auditd service is not running'
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
index 4ec2e5eb9b1d..03d292d7af66 100644
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
@@ -31,7 +31,7 @@ identifiers:
cce@sle15: CCE-85638-5
cce@sle16: CCE-96052-6
cce@slmicro5: CCE-93773-0
- cce@slmicro6: CCE-95065-9
+ cce@slmicro6: CCE-95065-9
references:
cis-csc: 11,12,14,15,3,8,9
@@ -47,7 +47,6 @@ references:
stigid@ol7: OL07-00-021300
stigid@ol8: OL08-00-010670
stigid@sle12: SLES-12-010840
- stigid@sle15: SLES-15-040190
ocil_clause: |-
{{{ ocil_clause_service_disabled(service=kdump_service) }}}
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
index 783ab5e16d83..b317e42603e5 100644
--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
@@ -34,7 +34,6 @@ references:
stigid@ol7: OL07-00-040690
stigid@ol8: OL08-00-040360
stigid@sle12: SLES-12-030011
- stigid@sle15: SLES-15-010030
{{{ complete_ocil_entry_package_removed("vsftpd") }}}
diff --git a/linux_os/guide/services/mail/package_mailx_installed/rule.yml b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
index b61f166bb54b..53f880436871 100644
--- a/linux_os/guide/services/mail/package_mailx_installed/rule.yml
+++ b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
@@ -24,7 +24,6 @@ references:
stigid@ol7: OL07-00-020028
stigid@ol8: OL08-00-010358
stigid@sle12: SLES-12-010498
- stigid@sle15: SLES-15-010418
{{{ complete_ocil_entry_package_installed("mailx") }}}
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
index 721e16e03d13..dc6b5f92b1ae 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
@@ -33,7 +33,6 @@ references:
nist@sle12: AU-5(a),AU-5.1(ii)
srg: SRG-OS-000046-GPOS-00022
stigid@sle12: SLES-12-020050
- stigid@sle15: SLES-15-030580
ocil_clause: 'the alias is not set'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
index c40c189335a9..969fe8297b17 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
@@ -33,7 +33,6 @@ references:
stigid@ol7: OL07-00-021021
stigid@ol8: OL08-00-010630
stigid@sle12: SLES-12-010820
- stigid@sle15: SLES-15-040170
ocil_clause: 'the setting does not show'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
index 38f6ec6e3b96..127a8a6bd73c 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol7: OL07-00-021020
stigid@ol8: OL08-00-010650
stigid@sle12: SLES-12-010810
- stigid@sle15: SLES-15-040160
ocil_clause: 'the setting does not show'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
index 44ddd9bffe6c..127107dd6931 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
@@ -93,7 +93,6 @@ references:
stigid@ol7: OL07-00-040500
stigid@ol8: OL08-00-030740
stigid@sle12: SLES-12-030300
- stigid@sle15: SLES-15-010400
ocil_clause: '"maxpoll" has not been set to the value of "{{{ xccdf_value("var_time_service_set_maxpoll") }}}", is commented out, or is missing'
diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
index 8ce212e83bd9..0549fcb89280 100644
--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
@@ -23,14 +23,13 @@ identifiers:
cce@sle12: CCE-83022-4
cce@sle15: CCE-85622-9
cce@slmicro5: CCE-93741-7
- cce@slmicro6: CCE-95051-9
+ cce@slmicro6: CCE-95051-9
references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040550
stigid@ol8: OL08-00-010460
stigid@sle12: SLES-12-010410
- stigid@sle15: SLES-15-040030
ocil_clause: 'shosts.equiv files exist'
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
index 4006cb47e6b3..c2086e2e7b26 100644
--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -26,14 +26,13 @@ identifiers:
cce@sle12: CCE-83021-6
cce@sle15: CCE-85621-1
cce@slmicro5: CCE-93740-9
- cce@slmicro6: CCE-95049-3
+ cce@slmicro6: CCE-95049-3
references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040540
stigid@ol8: OL08-00-010470
stigid@sle12: SLES-12-010400
- stigid@sle15: SLES-15-040020
ocil_clause: '.shosts files exist'
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
index e561d5b0e872..cf53228d3f0d 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol7: OL07-00-021710
stigid@ol8: OL08-00-040000
stigid@sle12: SLES-12-030000
- stigid@sle15: SLES-15-010180
{{{ complete_ocil_entry_package_removed("telnet-server") }}}
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
index 12abf9b815e0..91bb0fd02834 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
@@ -34,7 +34,7 @@ identifiers:
cce@sle15: CCE-85644-3
cce@sle16: CCE-96360-3
cce@slmicro5: CCE-93751-6
- cce@slmicro6: CCE-95070-9
+ cce@slmicro6: CCE-95070-9
references:
cis-csc: 12,13,14,15,16,18,3,5
@@ -53,7 +53,6 @@ references:
stigid@ol7: OL07-00-040420
stigid@ol8: OL08-00-010490
stigid@sle12: SLES-12-030220
- stigid@sle15: SLES-15-040250
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/*_key", perms=perms) }}}'
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index 3b9cbd89a694..0655c270a5d3 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -18,7 +18,7 @@ identifiers:
cce@sle15: CCE-85643-5
cce@sle16: CCE-95850-4
cce@slmicro5: CCE-93663-3
- cce@slmicro6: CCE-95069-1
+ cce@slmicro6: CCE-95069-1
references:
cis-csc: 12,13,14,15,16,18,3,5
@@ -37,7 +37,6 @@ references:
stigid@ol7: OL07-00-040410
stigid@ol8: OL08-00-010480
stigid@sle12: SLES-12-030210
- stigid@sle15: SLES-15-040240
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/*.pub", perms="-rw-r--r--") }}}'
diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
index 413c576c4c4e..d8db9865785a 100644
--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
@@ -41,7 +41,6 @@ references:
stigid@ol7: OL07-00-040310
stigid@ol8: OL08-00-040160
stigid@sle12: SLES-12-030100
- stigid@sle15: SLES-15-010530
ocil: |-
{{{ ocil_service_enabled(service="sshd") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
index bf30c05996fd..608f5e6c169b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
@@ -30,7 +30,7 @@ identifiers:
cce@sle15: CCE-85667-4
cce@sle16: CCE-95818-1
cce@slmicro5: CCE-93650-0
- cce@slmicro6: CCE-95091-5
+ cce@slmicro6: CCE-95091-5
references:
cis-csc: 11,12,13,14,15,16,18,3,5,9
@@ -52,7 +52,6 @@ references:
stigid@ol7: OL07-00-010300
stigid@ol8: OL08-00-020330
stigid@sle12: SLES-12-030150
- stigid@sle15: SLES-15-040440
{{{ complete_ocil_entry_sshd_option(default="yes", option="PermitEmptyPasswords", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
index 1ef15a5e2329..9611b90f49d6 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol7: OL07-00-040370
stigid@ol8: OL08-00-010550
stigid@sle12: SLES-12-030140
- stigid@sle15: SLES-15-020040
{{{ complete_ocil_entry_sshd_option(default="no", option="PermitRootLogin", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
index d4abee5dde5a..7d5ddadb36ba 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
@@ -25,7 +25,7 @@ identifiers:
cce@sle15: CCE-85642-7
cce@sle16: CCE-96499-9
cce@slmicro5: CCE-93646-8
- cce@slmicro6: CCE-95068-3
+ cce@slmicro6: CCE-95068-3
references:
cis-csc: 11,3,9
@@ -41,7 +41,6 @@ references:
stigid@ol7: OL07-00-040380
stigid@ol8: OL08-00-010520
stigid@sle12: SLES-12-030200
- stigid@sle15: SLES-15-040230
{{{ complete_ocil_entry_sshd_option(default="no", option="IgnoreUserKnownHosts", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 1d33a6010b04..96d9fc4bf522 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -32,7 +32,7 @@ identifiers:
cce@sle15: CCE-85707-8
cce@sle16: CCE-96661-4
cce@slmicro5: CCE-93648-4
- cce@slmicro6: CCE-95072-5
+ cce@slmicro6: CCE-95072-5
references:
cis@sle12: 5.2.6
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040710
stigid@ol8: OL08-00-040340
- stigid@sle15: SLES-15-040290
{{{ complete_ocil_entry_sshd_option(default="yes", option="X11Forwarding", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
index b750d64addb7..2f56ad890353 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -26,7 +26,7 @@ identifiers:
cce@sle15: CCE-85666-6
cce@sle16: CCE-95825-6
cce@slmicro5: CCE-93649-2
- cce@slmicro6: CCE-95090-7
+ cce@slmicro6: CCE-95090-7
references:
cis-csc: 11,3,9
@@ -47,7 +47,6 @@ references:
stigid@ol7: OL07-00-010460
stigid@ol8: OL08-00-010830
stigid@sle12: SLES-12-030151
- stigid@sle15: SLES-15-040440
{{{ complete_ocil_entry_sshd_option(default="yes", option="PermitUserEnvironment", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
index f5c61c48fb5a..b9daf1136609 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
@@ -28,7 +28,7 @@ identifiers:
cce@sle15: CCE-85645-0
cce@sle16: CCE-95844-7
cce@slmicro5: CCE-93647-6
- cce@slmicro6: CCE-95071-7
+ cce@slmicro6: CCE-95071-7
references:
cis-csc: 12,13,14,15,16,18,3,5
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-040450
stigid@ol8: OL08-00-010500
stigid@sle12: SLES-12-030230
- stigid@sle15: SLES-15-040260
{{{ complete_ocil_entry_sshd_option(default="yes", option="StrictModes", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
index 97a343d7f47d..6edaa7cb018f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
@@ -47,7 +47,6 @@ references:
stigid@ol7: OL07-00-040170
stigid@ol8: OL08-00-010040
stigid@sle12: SLES-12-030050
- stigid@sle15: SLES-15-010040
{{{ complete_ocil_entry_sshd_option(default="no", option="Banner", value="/etc/issue") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
index 8f73ef35dde4..b28bb1c307ee 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
@@ -25,7 +25,7 @@ identifiers:
cce@sle12: CCE-83083-6
cce@sle15: CCE-85563-5
cce@slmicro5: CCE-93645-0
- cce@slmicro6: CCE-95045-1
+ cce@slmicro6: CCE-95045-1
references:
cis-csc: 1,12,15,16
@@ -39,7 +39,6 @@ references:
stigid@ol7: OL07-00-040360
stigid@ol8: OL08-00-020350
stigid@sle12: SLES-12-030130
- stigid@sle15: SLES-15-020120
{{{ complete_ocil_entry_sshd_option(default="yes", option="PrintLastLog", value="yes") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
index 544ce16bf731..b3129efba1b9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
@@ -53,7 +53,6 @@ references:
stigid@ol7: OL07-00-040320
stigid@ol8: OL08-00-010201
stigid@sle12: SLES-12-030190
- stigid@sle15: SLES-15-010280
requires:
- sshd_set_keepalive
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
index 64c59df51a54..efb4f21ef565 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
@@ -52,7 +52,6 @@ references:
srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109
stigid@ol8: OL08-00-010200
stigid@sle12: SLES-12-030191
- stigid@sle15: SLES-15-010320
requires:
- sshd_set_idle_timeout
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
index 54b1c2a29e84..28615f381a19 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml
@@ -48,7 +48,6 @@ references:
srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109
stigid@ol7: OL07-00-040340
stigid@sle12: SLES-12-030191
- stigid@sle15: SLES-15-010320
requires:
- sshd_set_idle_timeout
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
index 43da92e7c0b8..0578a2c6e32c 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
@@ -38,7 +38,6 @@ references:
pcidss: Req-2.2.4
srg: SRG-OS-000032-GPOS-00013
stigid@sle12: SLES-12-030110
- stigid@sle15: SLES-15-010150
{{{ complete_ocil_entry_sshd_option(default="no", option="LogLevel", value="VERBOSE") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
index cd40734f9337..1df6bc5c0b54 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
@@ -69,7 +69,6 @@ references:
nist-csf: PR.AC-1,PR.AC-3,PR.AC-4,PR.AC-6,PR.AC-7,PR.IP-1,PR.PT-1,PR.PT-3,PR.PT-4
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@sle12: SLES-12-030170
- stigid@sle15: SLES-15-010160
ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
index b4be9801bb8c..cf22ac9ea35e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/rule.yml
@@ -42,7 +42,6 @@ identifiers:
references:
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000120-GPOS-00061,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@ol7: OL07-00-040110
- stigid@sle15: SLES-15-010160
ocil_clause: 'FIPS ciphers are not configured or the enabled ciphers are not FIPS-approved'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
index 7277f511fce2..06de73351bf6 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
@@ -47,7 +47,6 @@ references:
srg: SRG-OS-000250-GPOS-00093
stigid@ol7: OL07-00-040712
stigid@sle12: SLES-12-030270
- stigid@sle15: SLES-15-040450
ocil_clause: 'KexAlgorithms option is commented out, contains non-approved algorithms, or the FIPS-approved algorithms are not in the exact order'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
index 3bbdfb623b90..ffd406360c26 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
@@ -60,7 +60,6 @@ references:
nist-csf: PR.AC-1,PR.AC-3,PR.DS-5,PR.PT-4
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
stigid@sle12: SLES-12-030180
- stigid@sle15: SLES-15-010270
ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
index 0f64f3deec7b..777525e2e876 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/rule.yml
@@ -35,7 +35,6 @@ identifiers:
references:
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000394-GPOS-00174
stigid@ol7: OL07-00-040400
- stigid@sle15: SLES-15-010270
ocil_clause: 'MACs option is commented out or not using FIPS-approved hash algorithms'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
index 3925f749f3cb..4da0f9102b5a 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/rule.yml
@@ -37,7 +37,7 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040460
stigid@sle12: SLES-12-030240
- stigid@sle15: SLES-15-040270
+
ocil_clause: 'it is commented out or is not enabled'
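Review bot: The removed `stigid@sle15: SLES-15-040270` entry is replaced by an added empty line rather than deleted, so this hunk stays at `-37,7 +37,7` while almost every other rule.yml in the commit simply drops the reference. The content of that `+` line is not visible here; if it carries indentation it introduces trailing whitespace, which the `cce@slmicro6` hunks elsewhere in this commit appear to be cleaning up. The same replacement occurs in `accounts-pam/display_login_attempts/rule.yml` for `stigid@sle15: SLES-15-020080`. I would delete the added line in both files so that `stigid@sle12: SLES-12-030240` is followed by the single existing blank line before `ocil_clause:`.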
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
index 7d9555ff3306..8cfc3de81746 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
@@ -38,7 +38,6 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
srg: SRG-OS-000383-GPOS-00166
stigid@sle12: SLES-12-010670
- stigid@sle15: SLES-15-010490
ocil_clause: 'it does not exist or is not configured properly'
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
index 8acb5361f37f..2d10b6536726 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
@@ -46,7 +46,6 @@ references:
srg: SRG-OS-000383-GPOS-00166
stigid@ol8: OL08-00-020290
stigid@sle12: SLES-12-010680
- stigid@sle15: SLES-15-010500
ocil_clause: 'it does not exist or is not configured properly'
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index cde6be2b7342..fab7fe742a8e 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -119,7 +119,6 @@ references:
stigid@ol7: OL07-00-010050
stigid@ol8: OL08-00-010060
stigid@sle12: SLES-12-010030
- stigid@sle15: SLES-15-010020
platform: system_with_kernel
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
index 9cce04ec9ae5..fce9aa9352c1 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/banner_etc_gdm_banner/rule.yml
@@ -54,7 +54,6 @@ identifiers:
references:
nist: AC-8(b)
stigid@sle12: SLES-12-030020
- stigid@sle15: SLES-15-010060
ocil_clause: 'it does not display the required banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
index 8bcc7bc8f8ca..8c8d5b4a5827 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
@@ -51,7 +51,6 @@ references:
stigid@ol7: OL07-00-010030
stigid@ol8: OL08-00-010049
stigid@sle12: SLES-12-010040
- stigid@sle15: SLES-15-010080
ocil_clause: 'it is not'
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
index 38877d7ec66e..93aa7c489403 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-010040
stigid@ol8: OL08-00-010050
stigid@sle12: SLES-12-010050
- stigid@sle15: SLES-15-010090
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml
index ca4ae3b37f54..f686afc0aeb2 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/gui_login_dod_acknowledgement/rule.yml
@@ -59,7 +59,6 @@ references:
nist: AC-8 a,AC-8.1 (ii),AC-8 b,AC-8.1 (iii)
srg: SRG-OS-000023-GPOS-00006
stigid@sle12: SLES-12-010020
- stigid@sle15: SLES-15-010050
ocil_clause: 'the GNOME environment does not display the standard mandatory DoD notice and consent banner'
diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
index af715fd37ae7..ac5060bb0a26 100644
--- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
@@ -29,7 +29,6 @@ references:
stigid@ol7: OL07-00-010344
stigid@ol8: OL08-00-010385
stigid@sle12: SLES-12-010114
- stigid@sle15: SLES-15-020104
ocil_clause: |-
system is configured to bypass password requirements for privilege escalation
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
index 535d7f30c19c..9721547f0512 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-040530
stigid@ol8: OL08-00-020340
stigid@sle12: SLES-12-010390
- stigid@sle15: SLES-15-020080
+
platform: package[pam] and system_with_kernel
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml
index 8555409a4c7b..6d4c44e265fc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faildelay_delay/rule.yml
@@ -26,7 +26,6 @@ references:
nist@sle12: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00226
stigid@sle12: SLES-12-010370
- stigid@sle15: SLES-15-040010
ocil_clause: 'the value of delay is not set properly or the line is commented or missing'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
index a535d2645ea6..205f54d2f633 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_tally2/rule.yml
@@ -47,7 +47,6 @@ references:
pcidss: Req-8.1.6
srg: SRG-OS-000021-GPOS-00005
stigid@sle12: SLES-12-010130
- stigid@sle15: SLES-15-020010
ocil_clause: 'the account option is missing or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml b/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml
index 0c2f23c62d71..6749f438f535 100644
--- a/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml
@@ -26,7 +26,6 @@ references:
nist@sle12: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@sle12: SLES-12-010910
- stigid@sle15: SLES-15-040220
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
index 3a3d8a90382b..9d1339074db9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -31,7 +31,6 @@ references:
pcidss: Req-8.2.3
srg: SRG-OS-000071-GPOS-00039
stigid@sle12: SLES-12-010170
- stigid@sle15: SLES-15-020150
ocil_clause: 'dcredit is not found or not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
index f7ce3211bbca..8979c17c24c5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
@@ -32,7 +32,6 @@ references:
nist@sle15: IA-5(1).1(v),IA-5(1)(b)
srg: SRG-OS-000072-GPOS-00040
stigid@sle12: SLES-12-010190
- stigid@sle15: SLES-15-020160
ocil_clause: 'difok is not found or not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
index ba21d26c306c..cec08d97d8c2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -33,7 +33,6 @@ references:
pcidss: Req-8.2.3
srg: SRG-OS-000070-GPOS-00038
stigid@sle12: SLES-12-010160
- stigid@sle15: SLES-15-020140
ocil_clause: 'lcredit is not found or not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
index 9dcca5707ea8..df034053a731 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -30,7 +30,6 @@ references:
pcidss: Req-8.2.3
srg: SRG-OS-000078-GPOS-00046
stigid@sle12: SLES-12-010250
- stigid@sle15: SLES-15-020260
ocil_clause: 'minlen is not found or not set to the required value (or higher)'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
index 06794ce968d2..f8c2b0195cb2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
@@ -32,7 +32,6 @@ references:
pcidss: Req-8.2.3
srg: SRG-OS-000266-GPOS-00101
stigid@sle12: SLES-12-010180
- stigid@sle15: SLES-15-020270
ocil_clause: 'ocredit is not found or not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
index f0c3ceeafffb..dfd6923ddd5f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
@@ -28,7 +28,6 @@ references:
pcidss: Req-8.1.6,Req-8.1.7
srg: SRG-OS-000480-GPOS-00225
stigid@sle12: SLES-12-010320
- stigid@sle15: SLES-15-020290
ocil_clause: 'retry is not found or not set to the required value (or lower)'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
index f480c5d0113f..b757fc8f6b11 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
@@ -33,7 +33,6 @@ references:
pcidss: Req-8.2.3
srg: SRG-OS-000069-GPOS-00037
stigid@sle12: SLES-12-010150
- stigid@sle15: SLES-15-020130
ocil_clause: 'ucredit is not found or not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
index ba6db029b603..8e2b38dac3bf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-010210
stigid@ol8: OL08-00-010110
stigid@sle12: SLES-12-010210
- stigid@sle15: SLES-15-010260
ocil_clause: 'ENCRYPT_METHOD is not set to {{{ xccdf_value("var_password_hashing_algorithm") }}}'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index 8d6623d17811..61800d37c1b6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -66,7 +66,6 @@ references:
stigid@ol7: OL07-00-010200
stigid@ol8: OL08-00-010159
stigid@sle12: SLES-12-010230
- stigid@sle15: SLES-15-020170
ocil_clause: '"{{{ xccdf_value("var_password_hashing_algorithm_pam") }}}" is missing, or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
index 6c728f535085..fea6421daef7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
@@ -38,7 +38,6 @@ references:
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010130
stigid@sle12: SLES-12-010240
- stigid@sle15: SLES-15-020190
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
index 66c9bd659b04..d0c80daa536a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -71,7 +71,6 @@ references:
ospp: FAU_GEN.1.2
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040172
- stigid@sle15: SLES-15-040062
ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.'
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index bd8d28cd1e6c..d2d0e71b558d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -60,7 +60,7 @@ identifiers:
cce@sle15: CCE-85625-2
cce@sle16: CCE-96667-1
cce@slmicro5: CCE-93744-1
- cce@slmicro6: CCE-95054-3
+ cce@slmicro6: CCE-95054-3
references:
cis-csc: 12,13,14,15,16,18,3,5
@@ -78,7 +78,6 @@ references:
stigid@ol7: OL07-00-020230
stigid@ol8: OL08-00-040170
stigid@sle12: SLES-12-010610
- stigid@sle15: SLES-15-040060
{{% if pkg_system == "dpkg" %}}
platform: not container
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml
index 847d74aedec5..51d7c49af4c9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/vlock_installed/rule.yml
@@ -41,7 +41,6 @@ references:
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020043
stigid@sle12: SLES-12-010070
- stigid@sle15: SLES-15-010110
{{{ complete_ocil_entry_package_installed(package) }}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index cd2393b0c761..1b850e2167b1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -55,7 +55,6 @@ references:
stigid@ol7: OL07-00-041001
stigid@ol8: OL08-00-010390
stigid@sle12: SLES-12-030500
- stigid@sle15: SLES-15-010460
ocil_clause: 'smartcard software is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml
index 2d2231f7a7dc..b366b958ed9c 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml
@@ -32,7 +32,6 @@ references:
nist@sle12: IA-5 (2),IA-5(2)(a),IA-5 (2).1,IA-5(2)(d)
srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
stigid@sle12: SLES-12-030530
- stigid@sle15: SLES-15-010170
ocil_clause: 'ca is not configured'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
index d81afeb2601d..3ddaaf4141fb 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161,SRG-OS-000377-GPOS-00162,SRG-OS-000384-GPOS-00167
stigid@ol7: OL07-00-041003
stigid@sle12: SLES-12-030510
- stigid@sle15: SLES-15-010470
ocil_clause: 'ocsp_on is not configured'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml
index 5e7b27deaa46..2e588ecac7d8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_pam_enabled/rule.yml
@@ -61,7 +61,6 @@ references:
nist@sle12: IA-2(1),IA-2(1).1,IA-2(2),IA-2(2).1,IA-2(3),IA-2(3).1,IA-2(4),IA-2(4).1,IA-5(2),IA-5(2).1,IA-5(2)(c),IA-2(11),IA-2(12)
srg: SRG-OS-000068-GPOS-00036,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000375-GPOS-00162
stigid@sle12: SLES-12-030520
- stigid@sle15: SLES-15-020030
ocil_clause: 'non-exempt accounts are not using CAC authentication'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 25e02f369671..178aa93473c1 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -52,7 +52,6 @@ references:
stigid@ol7: OL07-00-010310
stigid@ol8: OL08-00-020260
stigid@sle12: SLES-12-010340
- stigid@sle15: SLES-15-020050
ocil_clause: 'the value of INACTIVE is greater than the expected value or is -1'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_admin/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_admin/rule.yml
index 3a6a09dc1967..79553b52f773 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_admin/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_admin/rule.yml
@@ -47,7 +47,6 @@ references:
nist@sle12: AC-2(2),AC-2(2).1(ii)
srg: SRG-OS-000123-GPOS-00064
stigid@sle12: SLES-12-010330
- stigid@sle15: SLES-15-020060
ocil_clause: 'any emergency administrator account or account password has an expiration date set'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
index b18ceb489871..d938157ec508 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
@@ -46,7 +46,6 @@ references:
stigid@ol7: OL07-00-010271
stigid@ol8: OL08-00-020000,OL08-00-020270
stigid@sle12: SLES-12-010331
- stigid@sle15: SLES-15-020061
ocil_clause: 'any temporary accounts have no expiration date set or do not expire within 72 hours'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index 72635c289207..ca5bdbc43213 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -27,7 +27,6 @@ references:
srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062
stigid@ol8: OL08-00-020240
stigid@sle12: SLES-12-010640
- stigid@sle15: SLES-15-010230
# The rule check uses password probe, which doesn't support offline mode
platform: system_with_kernel
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
index d5ef8e9d5908..0093273c6ee9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
@@ -32,7 +32,7 @@ identifiers:
cce@sle12: CCE-83195-8
cce@sle15: CCE-85561-9
cce@slmicro5: CCE-93731-8
- cce@slmicro6: CCE-95038-6
+ cce@slmicro6: CCE-95038-6
references:
nist@sle12: CM-6(b),CM-6.1(iv)
@@ -40,7 +40,6 @@ references:
stigid@ol7: OL07-00-020270
stigid@ol8: OL08-00-020320
stigid@sle12: SLES-12-010630
- stigid@sle15: SLES-15-020090
ocil_clause: 'there are unauthorized local user accounts on the system'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index 638bb17ea5c8..fddbdb3844f1 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol7: OL07-00-010250
stigid@ol8: OL08-00-020200
stigid@sle12: SLES-12-010280
- stigid@sle15: SLES-15-020220
ocil_clause: 'the "PASS_MAX_DAYS" parameter value is greater than "{{{ xccdf_value("var_accounts_maximum_age_login_defs") }}}", or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index 942c30a87863..3c7cb3be412c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -49,7 +49,6 @@ references:
stigid@ol7: OL07-00-010230
stigid@ol8: OL08-00-020190
stigid@sle12: SLES-12-010260
- stigid@sle15: SLES-15-020200
ocil_clause: 'the "PASS_MIN_DAYS" parameter value is not "{{{ xccdf_value("var_accounts_minimum_age_login_defs") }}}" or greater, or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index d7d3318a2c51..e8459f0eb311 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol7: OL07-00-010260
stigid@ol8: OL08-00-020210
stigid@sle12: SLES-12-010290
- stigid@sle15: SLES-15-020230
ocil_clause: 'any results are returned that are not associated with a system account'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index 3967d6123bdf..6589ae29b325 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -35,7 +35,6 @@ references:
stigid@ol7: OL07-00-010240
stigid@ol8: OL08-00-020180
stigid@sle12: SLES-12-010270
- stigid@sle15: SLES-15-020210
ocil_clause: 'any results are returned that are not associated with a system account'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
index f6d7d43f7c6d..b191a83151b7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -39,7 +39,6 @@ references:
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010120
stigid@sle12: SLES-12-010220
- stigid@sle15: SLES-15-020180
ocil_clause: 'any interactive user password hash does not begin with "$6"'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
index b88e482f57ca..cb75ad37779d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
@@ -54,7 +54,6 @@ references:
stigid@ol7: OL07-00-010290
stigid@ol8: OL08-00-020331,OL08-00-020332
stigid@sle12: SLES-12-010231
- stigid@sle15: SLES-15-020300
ocil_clause: 'NULL passwords can be used'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
index c6801ba6a896..dfbedd28d14e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
@@ -31,7 +31,7 @@ identifiers:
cce@sle15: CCE-91155-2
cce@sle16: CCE-96014-6
cce@slmicro5: CCE-93737-5
- cce@slmicro6: CCE-95046-9
+ cce@slmicro6: CCE-95046-9
references:
nist: CM-6(b),CM-6.1(iv)
@@ -39,7 +39,6 @@ references:
stigid@ol7: OL07-00-010291
stigid@ol8: OL08-00-010121
stigid@sle12: SLES-12-010221
- stigid@sle15: SLES-15-020181
ocil_clause: 'Blank or NULL passwords can be used'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index 5293b2a6695f..121128b66212 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -30,7 +30,7 @@ identifiers:
cce@sle15: CCE-85664-1
cce@sle16: CCE-96388-4
cce@slmicro5: CCE-93734-2
- cce@slmicro6: CCE-95041-0
+ cce@slmicro6: CCE-95041-0
references:
cis-csc: 1,12,13,14,15,16,18,3,5
@@ -51,7 +51,6 @@ references:
stigid@ol7: OL07-00-020310
stigid@ol8: OL08-00-040200
stigid@sle12: SLES-12-010650
- stigid@sle15: SLES-15-020100
ocil_clause: 'any accounts other than "root" have a UID of "0"'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index 47d8886b01a1..f16dbf64f861 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -29,7 +29,7 @@ identifiers:
cce@sle15: CCE-85672-4
cce@sle16: CCE-95711-8
cce@slmicro5: CCE-93732-6
- cce@slmicro6: CCE-95039-4
+ cce@slmicro6: CCE-95039-4
references:
cis-csc: 1,12,13,14,15,16,18,3,5,7,8
@@ -43,7 +43,6 @@ references:
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
srg: SRG-OS-000480-GPOS-00227
stigid@sle12: SLES-12-010631
- stigid@sle15: SLES-15-020091
ocil_clause: 'any system account other than root has a login shell'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
index f794fe8ac0f3..06b0de56471e 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
@@ -31,7 +31,6 @@ references:
stigid@ol7: OL07-00-020610
stigid@ol8: OL08-00-010760
stigid@sle12: SLES-12-010720
- stigid@sle15: SLES-15-020110
ocil_clause: 'the value for "CREATE_HOME" parameter is not set to "yes", the line is missing, or the line is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
index 771b65d58cd3..f56d49c0e422 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
@@ -40,7 +40,6 @@ references:
stigid@ol7: OL07-00-040000
stigid@ol8: OL08-00-020024
stigid@sle12: SLES-12-010120
- stigid@sle15: SLES-15-020020
ocil_clause: |-
the "maxlogins" item is missing, commented out, or the value is set greater
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 99464727bf99..234fa57c274c 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -64,7 +64,6 @@ references:
srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010
stigid@ol7: OL07-00-040160
stigid@sle12: SLES-12-010090
- stigid@sle15: SLES-15-010130
ocil_clause: 'the TMOUT value is not configured, is set to 0, or is not less than or equal to the expected setting'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
index cc67d332fa5b..43669409233b 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
@@ -24,7 +24,7 @@ identifiers:
cce@sle12: CCE-83099-2
cce@sle15: CCE-85632-8
cce@slmicro5: CCE-93790-4
- cce@slmicro6: CCE-95061-8
+ cce@slmicro6: CCE-95061-8
references:
cis@sle12: 6.2.8
@@ -33,7 +33,6 @@ references:
stigid@ol7: OL07-00-020730
stigid@ol8: OL08-00-010660
stigid@sle12: SLES-12-010780
- stigid@sle15: SLES-15-040130
ocil_clause: 'any local initialization files are found to reference world-writable files'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
index c2d22a1d002e..7d6b969cda02 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
@@ -28,14 +28,13 @@ identifiers:
cce@sle12: CCE-83098-4
cce@sle15: CCE-85631-0
cce@slmicro5: CCE-93789-6
- cce@slmicro6: CCE-95060-0
+ cce@slmicro6: CCE-95060-0
references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020720
stigid@ol8: OL08-00-010690
stigid@sle12: SLES-12-010770
- stigid@sle15: SLES-15-040120
ocil_clause: 'any local interactive user initialization files have executable search path statements that include directories outside of their home directory and is not documented with the ISSO as an operational requirement'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
index 152a206f9719..7db29ab81ff6 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -25,13 +25,12 @@ identifiers:
cce@sle12: CCE-83075-2
cce@sle15: CCE-85627-8
cce@slmicro5: CCE-93745-8
- cce@slmicro6: CCE-95055-0
+ cce@slmicro6: CCE-95055-0
references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010720
stigid@sle12: SLES-12-010710
- stigid@sle15: SLES-15-040070
ocil_clause: 'users home directory is not defined'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 14fc7d40a7be..b6e9057edae9 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -25,7 +25,7 @@ identifiers:
cce@sle12: CCE-83074-5
cce@sle15: CCE-85628-6
cce@slmicro5: CCE-93746-6
- cce@slmicro6: CCE-95056-8
+ cce@slmicro6: CCE-95056-8
references:
cis@sle12: 6.2.5
@@ -34,7 +34,6 @@ references:
stigid@ol7: OL07-00-020620
stigid@ol8: OL08-00-010750
stigid@sle12: SLES-12-010730
- stigid@sle15: SLES-15-040080
ocil_clause: 'users home directory does not exist'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 46c14a7f18e4..9fff2eddbf2a 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -28,7 +28,7 @@ identifiers:
cce@sle12: CCE-83096-8
cce@sle15: CCE-85711-0
cce@slmicro5: CCE-93748-2
- cce@slmicro6: CCE-95058-4
+ cce@slmicro6: CCE-95058-4
references:
cis@sle12: 6.2.7
@@ -38,7 +38,6 @@ references:
stigid@ol7: OL07-00-020650
stigid@ol8: OL08-00-010740
stigid@sle12: SLES-12-010750
- stigid@sle15: SLES-15-040100
ocil_clause: 'the group ownership is incorrect'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
index aa4101b1bb1a..7698dd4e60ec 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -23,14 +23,13 @@ identifiers:
cce@sle15: CCE-85630-2
cce@sle16: CCE-96448-6
cce@slmicro5: CCE-93749-0
- cce@slmicro6: CCE-95059-2
+ cce@slmicro6: CCE-95059-2
references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-020710
stigid@ol8: OL08-00-010770
stigid@sle12: SLES-12-010760
- stigid@sle15: SLES-15-040110
ocil_clause: 'they are not 0740 or more permissive'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index 7dddff5ce8b2..811f063c65e7 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -22,7 +22,7 @@ identifiers:
cce@sle12: CCE-83076-0
cce@sle15: CCE-85629-4
cce@slmicro5: CCE-93747-4
- cce@slmicro6: CCE-95057-6
+ cce@slmicro6: CCE-95057-6
references:
cis@sle12: 6.2.6
@@ -31,7 +31,6 @@ references:
stigid@ol7: OL07-00-020630
stigid@ol8: OL08-00-010730
stigid@sle12: SLES-12-010740
- stigid@sle15: SLES-15-040090
ocil_clause: 'they are more permissive'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
index d58c68770f4a..4ba21c40c14d 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
@@ -39,7 +39,6 @@ references:
stigid@ol7: OL07-00-020240
stigid@ol8: OL08-00-020351
stigid@sle12: SLES-12-010620
- stigid@sle15: SLES-15-040420
ocil_clause: 'the value for the "UMASK" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "UMASK" parameter is missing or is commented out'
diff --git a/linux_os/guide/system/apparmor/apparmor_configured/rule.yml b/linux_os/guide/system/apparmor/apparmor_configured/rule.yml
index cb2776276677..e11ec847afc4 100644
--- a/linux_os/guide/system/apparmor/apparmor_configured/rule.yml
+++ b/linux_os/guide/system/apparmor/apparmor_configured/rule.yml
@@ -44,7 +44,6 @@ references:
nist: AC-3(4),AC-6(8),AC-6(10),CM-7(5)(b),CM-7(2),SC-7(21),CM-6(a)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
stigid@sle12: SLES-12-010600
- stigid@sle15: SLES-15-010390
ocil_clause: 'it is not'
diff --git a/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml b/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml
index e5bbb94e024c..84d243a3084c 100644
--- a/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml
+++ b/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml
@@ -23,7 +23,6 @@ references:
nist: AC-3(4),AC-6(8),AC-6(10),CM-7(5)(b),CM-7(2),SC-7(21),CM-6(a)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
stigid@sle12: SLES-12-010600
- stigid@sle15: SLES-15-010390
{{{ complete_ocil_entry_package_installed("pam_apparmor") }}}
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index c1f8cd5e485f..d1014f68475e 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -69,7 +69,6 @@ references:
stigid@ol7: OL07-00-010482
stigid@ol8: OL08-00-010150
stigid@sle12: SLES-12-010430
- stigid@sle15: SLES-15-010190
ocil_clause: 'it does not produce any output'
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
index 6af1a9a3cefb..e500f3aefed2 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
@@ -70,7 +70,6 @@ references:
stigid@ol7: OL07-00-010491
stigid@ol8: OL08-00-010140
stigid@sle12: SLES-12-010440
- stigid@sle15: SLES-15-010200
ocil_clause: 'no password is set'
diff --git a/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml b/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml
index 8b1c52aeb909..5c81f4e2dfb6 100644
--- a/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rtc_utc_configuration/rule.yml
@@ -24,7 +24,6 @@ references:
nist@sle15: AU-8(b)
srg: SRG-OS-000359-GPOS-00146
stigid@sle12: SLES-12-030310
- stigid@sle15: SLES-15-010410
ocil_clause: 'the system real-time clock is not configured to use UTC as its time base'
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 0dad6580056c..1a87564649f4 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -68,7 +68,6 @@ references:
stigid@ol7: OL07-00-031000
stigid@ol8: OL08-00-030690
stigid@sle12: SLES-12-030340
- stigid@sle15: SLES-15-010580
ocil_clause: 'no evidence that the audit logs are being off-loaded to another system or media'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 64e521807275..66d8a5629ec5 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -36,7 +36,6 @@ references:
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040100
- stigid@sle15: SLES-15-010220
{{{ complete_ocil_entry_package_installed("firewalld") }}}
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 2ae1eb0991d0..060e04ac813f 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -42,7 +42,6 @@ references:
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040101
- stigid@sle15: SLES-15-010220
ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
index 027e308f53db..2ff272cd0b97 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -18,7 +18,7 @@ identifiers:
cce@sle15: CCE-85708-6
cce@sle16: CCE-96632-5
cce@slmicro5: CCE-93635-1
- cce@slmicro6: CCE-95079-0
+ cce@slmicro6: CCE-95079-0
references:
cis-csc: 11,14,3,9
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040280
stigid@sle12: SLES-12-030363
- stigid@sle15: SLES-15-040341
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
index a96d1af2a24b..75a244b9b930 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -26,7 +26,7 @@ identifiers:
cce@sle15: CCE-85649-2
cce@sle16: CCE-96132-6
cce@slmicro5: CCE-93630-2
- cce@slmicro6: CCE-95074-1
+ cce@slmicro6: CCE-95074-1
references:
cis-csc: 1,12,13,14,15,16,18,4,6,8,9
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-040830
stigid@ol8: OL08-00-040240
stigid@sle12: SLES-12-030361
- stigid@sle15: SLES-15-040310
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_source_route", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
index 3bd288088266..83193a6fe999 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
@@ -19,7 +19,7 @@ identifiers:
cce@sle12: CCE-83247-7
cce@sle15: CCE-85713-6
cce@slmicro5: CCE-93640-1
- cce@slmicro6: CCE-95084-0
+ cce@slmicro6: CCE-95084-0
references:
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
@@ -34,7 +34,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040260
stigid@sle12: SLES-12-030364
- stigid@sle15: SLES-15-040381
ocil_clause: 'IP forwarding value is "1" and the system is not router'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
index 8f8f0be40d5b..7e807d0f5916 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -18,7 +18,7 @@ identifiers:
cce@sle15: CCE-85722-7
cce@sle16: CCE-96192-0
cce@slmicro5: CCE-93636-9
- cce@slmicro6: CCE-95080-8
+ cce@slmicro6: CCE-95080-8
references:
cis-csc: 11,14,3,9
@@ -37,7 +37,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040210
stigid@sle12: SLES-12-030401
- stigid@sle15: SLES-15-040350
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index d85dc0121fc2..257db00d523f 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -26,7 +26,7 @@ identifiers:
cce@sle15: CCE-85653-4
cce@sle16: CCE-96234-0
cce@slmicro5: CCE-93632-8
- cce@slmicro6: CCE-95076-6
+ cce@slmicro6: CCE-95076-6
references:
cis-csc: 1,12,13,14,15,16,18,4,6,8,9
@@ -43,7 +43,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040250
stigid@sle12: SLES-12-030362
- stigid@sle15: SLES-15-040321
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_source_route", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_forwarding/rule.yml
index 0325334a4d14..5320fadffcb7 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_forwarding/rule.yml
@@ -24,7 +24,6 @@ references:
nist: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@sle12: SLES-12-030365
- stigid@sle15: SLES-15-040382
ocil_clause: 'IPv6 Forwarding is not disabled'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 654a99a37f0d..efe089ffe128 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -25,7 +25,7 @@ identifiers:
cce@sle15: CCE-85651-8
cce@sle16: CCE-96527-7
cce@slmicro5: CCE-93633-6
- cce@slmicro6: CCE-95077-4
+ cce@slmicro6: CCE-95077-4
references:
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-040641
stigid@ol8: OL08-00-040279
stigid@sle12: SLES-12-030390
- stigid@sle15: SLES-15-040330
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index 9bd302a891fb..7e66f2528502 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -26,7 +26,7 @@ identifiers:
cce@sle15: CCE-85648-4
cce@sle16: CCE-96355-3
cce@slmicro5: CCE-93629-4
- cce@slmicro6: CCE-95073-3
+ cce@slmicro6: CCE-95073-3
references:
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
@@ -44,7 +44,6 @@ references:
stigid@ol7: OL07-00-040610
stigid@ol8: OL08-00-040239
stigid@sle12: SLES-12-030360
- stigid@sle15: SLES-15-040300
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_source_route", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index ab07f2c78520..d196735894da 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -24,7 +24,7 @@ identifiers:
cce@sle15: CCE-85652-6
cce@sle16: CCE-96155-7
cce@slmicro5: CCE-93634-4
- cce@slmicro6: CCE-95078-2
+ cce@slmicro6: CCE-95078-2
references:
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
@@ -43,7 +43,6 @@ references:
stigid@ol7: OL07-00-040640
stigid@ol8: OL08-00-040209
stigid@sle12: SLES-12-030400
- stigid@sle15: SLES-15-040340
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index 8658fc9a8c75..30e61cd34ed5 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -26,7 +26,7 @@ identifiers:
cce@sle15: CCE-85650-0
cce@sle16: CCE-96076-5
cce@slmicro5: CCE-93631-0
- cce@slmicro6: CCE-95075-8
+ cce@slmicro6: CCE-95075-8
references:
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
@@ -45,7 +45,6 @@ references:
stigid@ol7: OL07-00-040620
stigid@ol8: OL08-00-040249
stigid@sle12: SLES-12-030370
- stigid@sle15: SLES-15-040320
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_source_route", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index 762c418e453b..f18a6daf2ced 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -41,7 +41,6 @@ references:
pcidss: Req-1.4.1
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000420-GPOS-00186,SRG-OS-000142-GPOS-00071
stigid@sle12: SLES-12-030350
- stigid@sle15: SLES-15-010310
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.tcp_syncookies", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index ac926343a9f9..90fc843bd69e 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -23,7 +23,7 @@ identifiers:
cce@sle15: CCE-85655-9
cce@sle16: CCE-95931-2
cce@slmicro5: CCE-93638-5
- cce@slmicro6: CCE-95082-4
+ cce@slmicro6: CCE-95082-4
references:
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
@@ -42,7 +42,6 @@ references:
stigid@ol7: OL07-00-040660
stigid@ol8: OL08-00-040220
stigid@sle12: SLES-12-030420
- stigid@sle15: SLES-15-040370
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.send_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index 30280a66307a..d434006caf2c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -23,7 +23,7 @@ identifiers:
cce@sle15: CCE-85654-2
cce@sle16: CCE-96422-1
cce@slmicro5: CCE-93637-7
- cce@slmicro6: CCE-95081-6
+ cce@slmicro6: CCE-95081-6
references:
cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9
@@ -42,7 +42,6 @@ references:
stigid@ol7: OL07-00-040650
stigid@ol8: OL08-00-040270
stigid@sle12: SLES-12-030410
- stigid@sle15: SLES-15-040360
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.send_redirects", value="0") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index 240192691c53..b060456d2410 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -21,7 +21,7 @@ identifiers:
cce@sle15: CCE-85709-4
cce@sle16: CCE-95846-2
cce@slmicro5: CCE-93639-3
- cce@slmicro6: CCE-95083-2
+ cce@slmicro6: CCE-95083-2
references:
cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9
@@ -41,7 +41,6 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol7: OL07-00-040740
stigid@sle12: SLES-12-030430
- stigid@sle15: SLES-15-040380
ocil_clause: "the correct value is not returned"
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index ae3153889f0d..473d41c5da24 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -62,7 +62,6 @@ references:
stigid@ol7: OL07-00-041010
stigid@ol8: OL08-00-040110
stigid@sle12: SLES-12-030450
- stigid@sle15: SLES-15-010380
ocil_clause: 'a wireless interface is configured and has not been documented and approved by the Information System Security Officer (ISSO)'
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 02203bf1fc40..c248d60eeb79 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -48,7 +48,6 @@ references:
stigid@ol7: OL07-00-040670
stigid@ol8: OL08-00-040330
stigid@sle12: SLES-12-030440
- stigid@sle15: SLES-15-040390
ocil_clause: 'any network device is in promiscuous mode'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index 975a75074f48..a738d1684bb3 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -50,7 +50,6 @@ references:
srg: SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010190
stigid@sle12: SLES-12-010460
- stigid@sle15: SLES-15-010300
ocil_clause: 'any world-writable directories are missing the sticky bit'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
index 0baffa7ac782..190f4a659746 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
@@ -24,7 +24,7 @@ identifiers:
cce@sle12: CCE-83104-0
cce@sle15: CCE-85637-7
cce@slmicro5: CCE-93795-3
- cce@slmicro6: CCE-95064-2
+ cce@slmicro6: CCE-95064-2
references:
cis-csc: 12,13,14,15,16,18,3,5
@@ -39,7 +39,6 @@ references:
stigid@ol7: OL07-00-021030
stigid@ol8: OL08-00-010710
stigid@sle12: SLES-12-010830
- stigid@sle15: SLES-15-040180
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/permissions/files/dir_system_commands_group_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_system_commands_group_root_owned/rule.yml
index 4a300fcd8a49..aa2eea35b789 100644
--- a/linux_os/guide/system/permissions/files/dir_system_commands_group_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_system_commands_group_root_owned/rule.yml
@@ -7,29 +7,29 @@ title: 'Verify that system commands directories have root as a group owner'
description: |-
System commands are stored in the following directories:
by default:
- /bin - /sbin - /usr/bin - /usr/sbin - /usr/local/bin +/bin + /sbin + /usr/bin + /usr/sbin + /usr/local/bin /usr/local/sbin- All these directories should have root user as a group owner. - If any system command directory is not group owned by a user other than root + All these directories should have root user as a group owner. + If any system command directory is not group owned by a user other than root correct its ownership with the following command:$ sudo chgrp root DIRrationale: |- - If the operating system were to allow any user to make changes to - software libraries, then those changes might be implemented without - undergoing the appropriate testing and approvals that are part of a + If the operating system were to allow any user to make changes to + software libraries, then those changes might be implemented without + undergoing the appropriate testing and approvals that are part of a robust change management process. - + This requirement applies to operating systems with software libraries - that are accessible and configurable, as in the case of interpreted languages. - Software libraries also include privileged programs which execute with escalated - privileges. Only qualified and authorized individuals must be allowed to obtain - access to information system components for purposes of initiating changes, + that are accessible and configurable, as in the case of interpreted languages. + Software libraries also include privileged programs which execute with escalated + privileges. Only qualified and authorized individuals must be allowed to obtain + access to information system components for purposes of initiating changes, including upgrades and modifications. severity: medium 
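Review bot: The description sentence re-added in this hunk, `If any system command directory is not group owned by a user other than root`, is a double negative that states the opposite of the intended condition. Since the line is already being touched for trailing whitespace, it could be corrected in the same pass to `If any system command directory is group owned by a user other than root`. The same wording appears in the dir_system_commands_root_owned hunk further down (`is not owned by a user other than root`). Auditors follow this text when deciding whether to run the `chgrp`/`chown` fix, so the inverted condition is worth fixing rather than carrying forward.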
@@ -46,20 +46,19 @@ identifiers: references: nist: CM-5(6),CM-5(6).1 - srg: SRG-OS-000259-GPOS-00100 + srg: SRG-OS-000259-GPOS-00100 stigid@sle12: SLES-12-010883 - stigid@sle15: SLES-15-010362 ocil_clause: 'any of these directories are not group owned by root' ocil: |- System commands are stored in the following directories: -/bin - /sbin - /usr/bin - /usr/sbin - /usr/local/bin +/bin + /sbin + /usr/bin + /usr/sbin + /usr/local/bin /usr/local/sbinFor each of these directories, run the following command to find directories not owned by root: diff --git a/linux_os/guide/system/permissions/files/dir_system_commands_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_system_commands_root_owned/rule.yml index 12dc621b7fde..4f242dd6ad5f 100644 --- a/linux_os/guide/system/permissions/files/dir_system_commands_root_owned/rule.yml +++ b/linux_os/guide/system/permissions/files/dir_system_commands_root_owned/rule.yml 
@@ -5,29 +5,29 @@ title: 'Verify that system commands directories have root ownership' description: |- System commands are stored in the following directories by default: -/bin - /sbin - /usr/bin - /usr/sbin - /usr/local/bin +/bin + /sbin + /usr/bin + /usr/sbin + /usr/local/bin /usr/local/sbin- All these directories should be owned by the root user. - If any system command directory is not owned by a user other than root + All these directories should be owned by the root user. + If any system command directory is not owned by a user other than root correct its ownership with the following command:$ sudo chown root DIRrationale: |- - If the operating system were to allow any user to make changes to - software libraries, then those changes might be implemented without - undergoing the appropriate testing and approvals that are part of a + If the operating system were to allow any user to make changes to + software libraries, then those changes might be implemented without + undergoing the appropriate testing and approvals that are part of a robust change management process. - + This requirement applies to operating systems with software libraries - that are accessible and configurable, as in the case of interpreted languages. - Software libraries also include privileged programs which execute with escalated - privileges. Only qualified and authorized individuals must be allowed to obtain - access to information system components for purposes of initiating changes, + that are accessible and configurable, as in the case of interpreted languages. + Software libraries also include privileged programs which execute with escalated + privileges. Only qualified and authorized individuals must be allowed to obtain + access to information system components for purposes of initiating changes, including upgrades and modifications. severity: medium 
@@ -46,17 +46,16 @@ references: nist: CM-5(6),CM-5(6).1 srg: SRG-OS-000259-GPOS-00100 stigid@sle12: SLES-12-010881 - stigid@sle15: SLES-15-010360 ocil_clause: 'any of these directories are not owned by root' ocil: |- System commands are stored in the following directories: -/bin - /sbin - /usr/bin - /usr/sbin - /usr/local/bin +/bin + /sbin + /usr/bin + /usr/sbin + /usr/local/bin /usr/local/sbinFor each of these directories, run the following command to find directories not owned by root: diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml index f04a923cd2c1..8124e4b90123 100644 --- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml @@ -34,7 +34,7 @@ identifiers: cce@sle15: CCE-85658-3 cce@sle16: CCE-95705-0 cce@slmicro5: CCE-93799-5 - cce@slmicro6: CCE-95088-1 + cce@slmicro6: CCE-95088-1 references: cis-csc: 1,11,12,13,14,15,16,18,3,5 @@ -50,7 +50,6 @@ references: stigid@ol7: OL07-00-020330 stigid@ol8: OL08-00-010790 stigid@sle12: SLES-12-010700 - stigid@sle15: SLES-15-040410 ocil_clause: 'there is output' diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml index bae321639396..9bcd740e26c5 100644 --- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml @@ -31,7 +31,7 @@ identifiers: cce@sle15: CCE-85657-5 cce@sle16: CCE-95710-0 cce@slmicro5: CCE-93798-7 - cce@slmicro6: CCE-95087-3 + cce@slmicro6: CCE-95087-3 references: cis-csc: 11,12,13,14,15,16,18,3,5,9 
@@ -47,7 +47,6 @@ references:
stigid@ol7: OL07-00-020320
stigid@ol8: OL08-00-010780
stigid@sle12: SLES-12-010690
- stigid@sle15: SLES-15-040400
# The rule check uses password probe, which doesn't support offline mode
platform: system_with_kernel
diff --git a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
index 192383d53e40..daae0440207a 100644
--- a/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_local_var_log/rule.yml
@@ -38,7 +38,6 @@ references:
nist: SI-11(a),SI-11(b),SI-11.1(iii)
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000205-GPOS-00083
- stigid@sle15: SLES-15-010340
ocil_clause: 'not all log files have permission 640 or stricter'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
index e1780a7da884..a8b3b56d187e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
@@ -45,7 +45,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010351
stigid@sle12: SLES-12-010876
- stigid@sle15: SLES-15-010356
ocil_clause: any system-wide shared library directory is returned and is not group-owned by a required system account
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
index 83037dba7333..8679ea58a561 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
@@ -44,7 +44,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010341
stigid@sle12: SLES-12-010874
- stigid@sle15: SLES-15-010354
ocil_clause: any system-wide shared library directory is not owned by root
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index 2236a9f16be3..4821a4f8c58d 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -51,7 +51,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010331
stigid@sle12: SLES-12-010872
- stigid@sle15: SLES-15-010352
ocil_clause: 'any of these files are group-writable or world-writable'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
index 950ff7cc9d11..33ee24fb56c6 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
@@ -51,7 +51,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010320
stigid@sle12: SLES-12-010882
- stigid@sle15: SLES-15-010361
ocil_clause: 'any system commands are returned and is not group-owned by a required system account'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
index fade0c0a085e..8635ed911c34 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
@@ -46,7 +46,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010310
stigid@sle12: SLES-12-010879
- stigid@sle15: SLES-15-010359
ocil_clause: 'any system commands are found to not be owned by root'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
index 609309761ae5..074c54158a8b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
@@ -50,7 +50,6 @@ references:
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010340
stigid@sle12: SLES-12-010873
- stigid@sle15: SLES-15-010353
ocil_clause: 'any system wide shared library file is not owned by root'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
index 5cd917fc6c08..548b22059e11 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
@@ -46,7 +46,6 @@ references:
 srg: SRG-OS-000259-GPOS-00100
 stigid@ol8: OL08-00-010300
 stigid@sle12: SLES-12-010878
- stigid@sle15: SLES-15-010358
 ocil_clause: any system commands are found to be group-writable or world-writable
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
index 3361cf819a9f..82a6c1fd55ca 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
@@ -50,7 +50,6 @@ references:
 srg: SRG-OS-000259-GPOS-00100
 stigid@ol8: OL08-00-010330
 stigid@sle12: SLES-12-010871
- stigid@sle15: SLES-15-010351
 ocil_clause: any system-wide shared library file is found to be group-writable or world-writable
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_system_commands_dirs/rule.yml
index d404048840be..67499085dc0c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_system_commands_dirs/rule.yml
@@ -32,7 +32,6 @@ references:
 nist: CM-5(6),CM-5(6).1
 srg: SRG-OS-000259-GPOS-00100
 stigid@sle12: SLES-12-010877
- stigid@sle15: SLES-15-010357
 ocil_clause: 'any system commands are found to be group or world writable'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
index 91ea1c5933f6..3dd6e903985e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
@@ -44,7 +44,6 @@ references:
 srg: SRG-OS-000259-GPOS-00100
 stigid@ol8: OL08-00-010350
 stigid@sle12: SLES-12-010875
- stigid@sle15: SLES-15-010355
 ocil_clause: any system wide shared library file is returned and is not group-owned by root
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index 082a67cf3ed5..4bdc36e8a7b9 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -44,7 +44,6 @@ references:
 stigid@ol7: OL07-00-020100
 stigid@ol8: OL08-00-040080
 stigid@sle12: SLES-12-010580
- stigid@sle15: SLES-15-010480
 {{{ complete_ocil_entry_module_disable(module="usb-storage") }}}
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index 6a7de2130bde..6280ab63b03d 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -49,7 +49,6 @@ references:
 stigid@ol7: OL07-00-020110
 stigid@ol8: OL08-00-040070
 stigid@sle12: SLES-12-010590
- stigid@sle15: SLES-15-010240
 ocil_clause: |-
 {{{ ocil_clause_service_disabled(service="autofs") }}}
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index ccb05ba12ef7..bfc934af81b1 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -38,7 +38,6 @@ references:
 stigid@ol7: OL07-00-021000
 stigid@ol8: OL08-00-010570
 stigid@sle12: SLES-12-010790
- stigid@sle15: SLES-15-040140
 {{{ complete_ocil_entry_mount_option("/home", "nosuid") }}}
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 3ca9021f3182..9172941470f8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -26,7 +26,7 @@ identifiers:
 cce@sle12: CCE-83101-6
 cce@sle15: CCE-85634-4
 cce@slmicro5: CCE-93792-0
- cce@slmicro6: CCE-95063-4
+ cce@slmicro6: CCE-95063-4
 references:
 cis-csc: 11,12,13,14,15,16,18,3,5,8,9
@@ -43,7 +43,6 @@ references:
 stigid@ol7: OL07-00-021010
 stigid@ol8: OL08-00-010620
 stigid@sle12: SLES-12-010800
- stigid@sle15: SLES-15-040150
 ocil_clause: 'file system found in "/etc/fstab" refers to removable media and it does not have the "nosuid" option set'
diff --git a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml
index 65494238b9d5..45d10c721109 100644
--- a/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/permissions_local/file_permissions_local_var_log_messages/rule.yml
@@ -34,7 +34,6 @@ references:
 nist@sle12: SI-11(c)
 srg: SRG-OS-000206-GPOS-00084
 stigid@sle12: SLES-12-010890
- stigid@sle15: SLES-15-010350
 ocil_clause: 'Make sure /var/log/messages is not world-readable'
diff --git a/linux_os/guide/system/permissions/permissions_local/permissions_local_audit_binaries/rule.yml b/linux_os/guide/system/permissions/permissions_local/permissions_local_audit_binaries/rule.yml
index 4adf4c7a838d..9f7fd99c59f0 100644
--- a/linux_os/guide/system/permissions/permissions_local/permissions_local_audit_binaries/rule.yml
+++ b/linux_os/guide/system/permissions/permissions_local/permissions_local_audit_binaries/rule.yml
@@ -48,7 +48,6 @@ references:
 nist@sle12: AU-9
 srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
 stigid@sle12: SLES-12-020130
- stigid@sle15: SLES-15-030620
 ocil: |-
 Check that permissions.local file contains the correct permissions
diff --git a/linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/rule.yml b/linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/rule.yml
index 4dfe55312fbe..0684547c060f 100644
--- a/linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/rule.yml
+++ b/linux_os/guide/system/permissions/permissions_local/permissions_local_var_log_audit/rule.yml
@@ -45,7 +45,6 @@ references:
 nist: AU-9
 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
 stigid@sle12: SLES-12-020120
- stigid@sle15: SLES-15-030600
 ocil: |-
 {{% if product in slmicro %}}
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
index 1f235a2e6506..03d0b130d556 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
@@ -31,7 +31,6 @@ references:
 srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
 stigid@ol8: OL08-00-040283
 stigid@sle12: SLES-12-030320
- stigid@sle15: SLES-15-010540
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index 74ee0861e9a2..b9d14f920126 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -37,7 +37,6 @@ references:
 stigid@ol7: OL07-00-040201
 stigid@ol8: OL08-00-010430
 stigid@sle12: SLES-12-030330
- stigid@sle15: SLES-15-010550
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.randomize_va_space", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index 98e18049e172..04645fe52e46 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -31,7 +31,6 @@ references:
 stigid@ol7: OL07-00-010375
 stigid@ol8: OL08-00-010375
 stigid@sle12: SLES-12-010375
- stigid@sle15: SLES-15-010375
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 7d0c8aa188f6..f96fc012c368 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -87,7 +87,6 @@ references:
 srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
 stigid@ol8: OL08-00-010030
 stigid@sle12: SLES-12-010450
- stigid@sle15: SLES-15-010330
 ocil_clause: 'partitions do not have a type of crypto_LUKS'
@@ -112,9 +111,9 @@ fixtext: |- To encrypt an entire partition, dedicate a partition for encryption in the partition layout. {{% if "slmicro" in product %}} - The standard partitioning proposal as suggested by YaST (installation and configuration tool for Linux) does not include an encrypted + The standard partitioning proposal as suggested by YaST (installation and configuration tool for Linux) does not include an encrypted partition by default. Add it manually in the partitioning dialog. - + The following set of commands will switch {{{ full_name }}} to work in FIPS mode:$ sudo transactional-update pkg install -t pattern microos-fips$ sudo reboot@@ -144,19 +143,19 @@ checktext: |- /dev/sda2: "UUID=f5b8a790-14cb-4b82-882d-707d52f27765" TYPE="crypto_LUKS" /dev/sda3: "UUID=f2d86128-f975-478d-a5b0-25806c900eac" TYPE="crypto_LUKS" - Every persistent disk partition present must be of type "crypto_LUKS". - If any partitions other than the boot partition or pseudo file systems (such as /proc or /sys) or temporary file systems (that are tmpfs) - are not type "crypto_LUKS", ask the administrator to indicate how the partitions are encrypted. + Every persistent disk partition present must be of type "crypto_LUKS". + If any partitions other than the boot partition or pseudo file systems (such as /proc or /sys) or temporary file systems (that are tmpfs) + are not type "crypto_LUKS", ask the administrator to indicate how the partitions are encrypted. If there is no evidence that these partitions are encrypted, this is a finding.$ sudo more /etc/cryptab
- Output will be similar to: + Output will be similar to: cr_root UUID=26d4a101-7f48-4394-b730-56dc00e65f64 cr_home UUID=f5b8a790-14cb-4b82-882d-707d52f27765 - cr_swap UUID=f2d86128-f975-478d-a5b0-25806c900eac - - Every persistent disk partition present on the system must have an entry in the /etc/crypttab file. + cr_swap UUID=f2d86128-f975-478d-a5b0-25806c900eac + + Every persistent disk partition present on the system must have an entry in the /etc/crypttab file. If any partitions other than pseudo file systems (such as /proc or /sys) are not listed or "/etc/crypttab" does not exist, this is a finding. Verify the system works in FIPS mode with the following command: diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml index 9ea58be5c905..a139de0753ed 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml @@ -25,7 +25,7 @@ identifiers: cce@sle15: CCE-85639-3 cce@sle16: CCE-95729-0 cce@slmicro5: CCE-93796-1 - cce@slmicro6: CCE-95066-7 + cce@slmicro6: CCE-95066-7 references: cis-csc: 12,15,8 @@ -40,7 +40,6 @@ references: stigid@ol7: OL07-00-021310 stigid@ol8: OL08-00-010800 stigid@sle12: SLES-12-010850 - stigid@sle15: SLES-15-040200 {{{ complete_ocil_entry_separate_partition(part="/home") }}} diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml index 0c9ca10087f2..4083b6c8060a 100644 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml 
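Review bot: In the `checktext` block this hunk reformats, the unchanged command line reads `$ sudo more /etc/cryptab`, while the sentences after it require an entry in `/etc/crypttab` and treat a missing file as a finding. An auditor who runs the command as written gets a missing-file error even on a correctly encrypted system, which can be recorded as a false finding. Since the hunk already touches the neighbouring lines for whitespace, change the command to `$ sudo more /etc/crypttab`. The `checktext` block starts before this hunk and continues past it.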
@@ -24,7 +24,7 @@ identifiers:
 cce@sle15: CCE-85640-1
 cce@sle16: CCE-95761-3
 cce@slmicro5: CCE-93797-9
- cce@slmicro6: CCE-95067-5
+ cce@slmicro6: CCE-95067-5
 references:
 cis-csc: 12,15,8
@@ -39,7 +39,6 @@ references:
 stigid@ol7: OL07-00-021320
 stigid@ol8: OL08-00-010540
 stigid@sle12: SLES-12-010860
- stigid@sle15: SLES-15-040210
 {{{ complete_ocil_entry_separate_partition(part="/var") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
index bf3efecdf5c4..96f7a75e22f5 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
@@ -26,7 +26,7 @@ identifiers:
 cce@sle15: CCE-85618-7
 cce@sle16: CCE-96283-7
 cce@slmicro5: CCE-93787-0
- cce@slmicro6: CCE-95048-5
+ cce@slmicro6: CCE-95048-5
 references:
 cis-csc: 1,12,13,14,15,16,2,3,5,6,8
@@ -45,7 +45,6 @@ references:
 stigid@ol7: OL07-00-021330
 stigid@ol8: OL08-00-010542
 stigid@sle12: SLES-12-010870
- stigid@sle15: SLES-15-030810
 {{{ complete_ocil_entry_separate_partition(part="/var/log/audit") }}}
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
index 1e4ea5eeff96..f04ec5d4a586 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
@@ -34,7 +34,6 @@ references:
 pcidss: Req-6.2
 srg: SRG-OS-000480-GPOS-00227
 stigid@sle12: SLES-12-010040
- stigid@sle15: SLES-15-010090
 ocil_clause: 'The system-wide dconf databases are up-to-date with regards to respective keyfiles'
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
index a6e661bccf2d..db9198b5c2c7 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
@@ -51,7 +51,6 @@ references:
 cis@sle12: '1.10'
 cis@sle15: '1.10'
 stigid@sle12: SLES-12-010611
- stigid@sle15: SLES-15-040061
 ocil_clause: 'DConf User profile does not exist or is not configured correctly'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
index bab08ccef959..d00237db83d4 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_unattended_automatic_login/rule.yml
@@ -29,7 +29,6 @@ references:
 nist: CM-6(b),CM-6.1(iv)
 srg: SRG-OS-000480-GPOS-00229
 stigid@sle12: SLES-12-010380
- stigid@sle15: SLES-15-040430
 ocil_clause: 'GDM allows users to automatically login or unattended login'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index 6689d0bd7a5a..43409171aa20 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -47,7 +47,6 @@ references:
 stigid@ol7: OL07-00-010070
 stigid@ol8: OL08-00-020060
 stigid@sle12: SLES-12-010080
- stigid@sle15: SLES-15-010120
 ocil_clause: 'idle-delay is set to 0 or a value greater than {{{ xccdf_value("inactivity_timeout_value") }}}'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index 52cd9f02e1d1..32be53c6324c 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -54,7 +54,6 @@ references:
 stigid@ol7: OL07-00-010060
 stigid@ol8: OL08-00-020030,OL08-00-020082
 stigid@sle12: SLES-12-010060
- stigid@sle15: SLES-15-010100
 ocil_clause: 'screensaver locking is not enabled and/or has not been set or configured correctly'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
index d333b030f189..cfdfde610685 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
@@ -66,7 +66,6 @@ references:
 pcidss: Req-8.1.8
 srg: SRG-OS-000031-GPOS-00012
 stigid@sle12: SLES-12-010100
- stigid@sle15: SLES-15-010140
 ocil_clause: 'it is not set or configured properly'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
index 8660efc708bf..d431bf75be20 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
@@ -42,7 +42,6 @@ references:
 stigid@ol7: OL07-00-010082
 stigid@ol8: OL08-00-020081
 stigid@sle12: SLES-12-010080
- stigid@sle15: SLES-15-010120
 ocil_clause: 'idle-delay is not locked'
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
index 35e234c7d031..1a86b3a7a036 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
@@ -53,7 +53,6 @@ references:
 stigid@ol7: OL07-00-020250
 stigid@ol8: OL08-00-010000
 stigid@sle12: SLES-12-010000
- stigid@sle15: SLES-15-010000
 ocil_clause: 'the installed operating system is not supported'
diff --git a/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
index bc62444573da..8a57c3bfcb6a 100644
--- a/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/is_fips_mode_enabled/rule.yml
@@ -26,7 +26,6 @@ references:
 nist: SC-12(2),SC-12(3),SC-13
 srg: SRG-OS-000396-GPOS-00176,SRG-OS-000478-GPOS-00223
 stigid@sle12: SLES-12-010420
- stigid@sle15: SLES-15-010510
 ocil_clause: the command 'cat /proc/sys/crypto/fips_enabled' returns nothing or '0' or the file does not exist
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index cdf4ae2f1477..0bed1fdd1d2d 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -72,7 +72,6 @@ references:
 stigid@ol7: OL07-00-020029
 stigid@ol8: OL08-00-010359
 stigid@sle12: SLES-12-010499
- stigid@sle15: SLES-15-010419
 ocil_clause: 'there is no database file'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
index 71f2c91aad5e..6b88ab8de378 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
@@ -43,7 +43,6 @@ references:
 srg: SRG-OS-000278-GPOS-00108
 stigid@ol8: OL08-00-030650
 stigid@sle12: SLES-12-010540
- stigid@sle15: SLES-15-030630
 ocil_clause: 'integrity checks of the audit tools are missing or incomplete'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
index c8bbd12a0744..96146c62a683 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_checking_systemd_timer/rule.yml
@@ -39,7 +39,6 @@ references:
 pcidss: Req-11.5
 srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201
 stigid@ol7: OL07-00-020030
- stigid@sle15: SLES-15-010570
 platform: package[aide] and package[systemd]
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index 6d56cfe2f76b..73916c24a211 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml @@ -58,7 +58,6 @@ references: srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201 stigid@ol7: OL07-00-020030 stigid@sle12: SLES-12-010500 - stigid@sle15: SLES-15-010420 ocil_clause: 'AIDE is not configured to scan periodically' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml index 1b959ae04a4a..5788f259eac1 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml @@ -49,7 +49,6 @@ references: stigid@ol7: OL07-00-020040 stigid@ol8: OL08-00-010360 stigid@sle12: SLES-12-010510 - stigid@sle15: SLES-15-010570 ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml index 6563fe6a637b..b3733db43bac 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml @@ -19,7 +19,7 @@ description: |- The remediation provided with this rule adds acl to all rule sets available in {{{ aide_conf_path }}} {{% endif %}} - + rationale: |- ACLs can provide permissions beyond those permitted through the file mode and must be verified by the file integrity tools. @@ -34,7 +34,7 @@ identifiers: cce@sle15: CCE-85623-7 cce@sle16: CCE-96372-8 cce@slmicro5: CCE-93742-5 - cce@slmicro6: CCE-95052-7 + cce@slmicro6: CCE-95052-7 references: cis-csc: 2,3 
@@ -48,7 +48,6 @@ references: stigid@ol7: OL07-00-021600 stigid@ol8: OL08-00-040310 stigid@sle12: SLES-12-010520 - stigid@sle15: SLES-15-040040 ocil_clause: 'the acl option is missing or not added to the correct ruleset' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml index 35ed5b595891..c0e28032c928 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml @@ -19,7 +19,7 @@ description: |- The remediation provided with this rule adds xattrs to all rule sets available in {{{ aide_conf_path }}} {{% endif %}} - + rationale: |- Extended attributes in file systems are used to contain arbitrary data and file metadata with security implications. @@ -34,7 +34,7 @@ identifiers: cce@sle15: CCE-85624-5 cce@sle16: CCE-96620-0 cce@slmicro5: CCE-93743-3 - cce@slmicro6: CCE-95053-5 + cce@slmicro6: CCE-95053-5 references: cis-csc: 2,3 @@ -48,7 +48,6 @@ references: stigid@ol7: OL07-00-021610 stigid@ol8: OL08-00-040300 stigid@sle12: SLES-12-010530 - stigid@sle15: SLES-15-040050 ocil_clause: 'the xattrs option is missing or not added to the correct ruleset' diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml index dc497c0c7b9a..8ccf88085ed3 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml 
@@ -36,7 +36,6 @@ references:
 stigid@ol7: OL07-00-020029
 stigid@ol8: OL08-00-010359
 stigid@sle12: SLES-12-010499
- stigid@sle15: SLES-15-010419
 {{{ complete_ocil_entry_package_installed("aide") }}}
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
index 7a41b181031c..09d6dfbc0656 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
@@ -38,7 +38,6 @@ references:
 stigid@ol7: OL07-00-010350
 stigid@ol8: OL08-00-010381
 stigid@sle12: SLES-12-010110
- stigid@sle15: SLES-15-010450
 ocil_clause: "!authenticate is specified in the sudo config files"
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
index 9d78c69d2dc6..981527510a80 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
@@ -39,7 +39,6 @@ references:
 stigid@ol7: OL07-00-010340
 stigid@ol8: OL08-00-010380
 stigid@sle12: SLES-12-010110
- stigid@sle15: SLES-15-010450
 ocil_clause: 'nopasswd is specified in the sudo config files'
diff --git a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
index 9fb1274aa2b6..4fd56cc5beab 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_authentication/rule.yml
@@ -37,7 +37,6 @@ references:
 nist: IA-11,CM-6(a)
 nist-csf: PR.AC-1,PR.AC-7
 srg: SRG-OS-000373-GPOS-00156
- stigid@sle15: SLES-15-010450
 ocil_clause: 'nopasswd and/or !authenticate is enabled in sudo'
diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
index 3584ee4f2b91..7552734cfef8 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
@@ -38,7 +38,6 @@ references:
 stigid@ol7: OL07-00-010343
 stigid@ol8: OL08-00-010384
 stigid@sle12: SLES-12-010113
- stigid@sle15: SLES-15-020102
 ocil_clause: 'timestamp_timeout is not set with the appropriate value for sudo'
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
index 1ca4cdf4a962..b1ac1d164fb1 100644
--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
@@ -25,7 +25,7 @@ identifiers:
 cce@sle12: CCE-83229-5
 cce@sle15: CCE-85712-8
 cce@slmicro5: CCE-93786-2
- cce@slmicro6: CCE-95042-8
+ cce@slmicro6: CCE-95042-8
 references:
 nist: CM-6(b),CM-6(iv)
@@ -33,7 +33,6 @@ references:
 stigid@ol7: OL07-00-010341
 stigid@ol8: OL08-00-010382
 stigid@sle12: SLES-12-010111
- stigid@sle15: SLES-15-020101
 ocil_clause: 'either of the commands returned a line'
diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
index 901058ee9d96..9703534af617 100644
--- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
@@ -28,14 +28,13 @@ identifiers:
 cce@sle12: CCE-83255-0
 cce@sle15: CCE-91151-1
 cce@slmicro5: CCE-93733-4
- cce@slmicro6: CCE-95040-2
+ cce@slmicro6: CCE-95040-2
 references:
 srg: SRG-OS-000480-GPOS-00227
 stigid@ol7: OL07-00-010339
 stigid@ol8: OL08-00-010379
 stigid@sle12: SLES-12-010109
- stigid@sle15: SLES-15-020099
 ocil_clause: "the /etc/sudoers doesn't include /etc/sudores.d or includes other directories?"
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
index f25049786e28..b05f548b78a7 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
@@ -30,7 +30,7 @@ identifiers:
 cce@sle12: CCE-83230-3
 cce@sle15: CCE-85747-4
 cce@slmicro5: CCE-93735-9
- cce@slmicro6: CCE-95043-6
+ cce@slmicro6: CCE-95043-6
 references:
 nist: CM-6(b),CM-6.1(iv)
@@ -38,7 +38,6 @@ references:
 stigid@ol7: OL07-00-010342
 stigid@ol8: OL08-00-010383
 stigid@sle12: SLES-12-010112
- stigid@sle15: SLES-15-020103
 ocil_clause: 'invoke user passwd when using sudo'
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
index 34e82036e14b..d497c1d15e91 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
@@ -47,7 +47,6 @@ references:
 stigid@ol7: OL07-00-020200
 stigid@ol8: OL08-00-010440
 stigid@sle12: SLES-12-010570
- stigid@sle15: SLES-15-010560
 ocil_clause: |-
 {{%- if 'sle' in product or 'slmicro' in product %}}
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
index b1d83b25cc89..ff8ad9b43613 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
@@ -57,7 +57,6 @@ references:
 srg: SRG-OS-000366-GPOS-00153
 stigid@ol7: OL07-00-020050
 stigid@sle12: SLES-12-010550
- stigid@sle15: SLES-15-010430
 ocil_clause: 'there is no process to validate certificates that is approved by the organization'
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index 609e377fdf8f..72bae3451b10 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -67,7 +67,6 @@ references:
 stigid@ol7: OL07-00-020260
 stigid@ol8: OL08-00-010010
 stigid@sle12: SLES-12-010010
- stigid@sle15: SLES-15-010010
 # SCAP 1.3 content should reference flat non compressed xml files
 {{% if oval_feed_url %}}
diff --git a/products/sle15/controls/stig_sle15.yml b/products/sle15/controls/stig_sle15.yml
new file mode 100644
index 000000000000..8a8d9f6e62cd
--- /dev/null
+++ b/products/sle15/controls/stig_sle15.yml
@@ -0,0 +1,1780 @@
+policy: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide
+title: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide
+id: stig_sle15
+version: V2R7
+source: https://www.cyber.mil/stigs/downloads/
+reference_type: stigid
+product: sle15
+
+levels:
+ - id: high
+ - id: medium
+ - id: low
+
+controls:
+- id: SLES-15-010000
+ levels:
+ - high
+ title: The SUSE operating system must be a vendor-supported release.
+ rules:
+ - installed_OS_is_vendor_supported
+ status: automated
+- id: SLES-15-010010
+ levels:
+ - medium
+ title: Vendor-packaged SUSE operating system security patches and updates must be
+ installed and up to date.
+ rules:
+ - security_patches_up_to_date
+ status: automated
+- id: SLES-15-010020
+ levels:
+ - medium
+ title: The SUSE operating system must display the Standard Mandatory DOD Notice
+ and Consent Banner before granting access via local console.
+ rules:
+ - banner_etc_issue
+ - login_banner_text=dod_banners
+ - login_banner_contents=dod_default
+ status: automated
+- id: SLES-15-010030
+ levels:
+ - high
+ title: The SUSE operating system must not have the vsftpd package installed if not
+ required for operational support.
+ rules:
+ - package_vsftpd_removed
+ status: automated
+- id: SLES-15-010040
+ levels:
+ - medium
+ title: The SUSE operating system must display the Standard Mandatory DOD Notice
+ and Consent Banner before granting access via SSH.
+ rules:
+ - sshd_enable_warning_banner
+ status: automated
+- id: SLES-15-010050
+ levels:
+ - medium
+ title: The SUSE operating system must display the Standard Mandatory DoD Notice
+ and Consent Banner until users acknowledge the usage conditions and take explicit
+ actions to log on for further access to the local graphical user interface (GUI).
+ rules:
+ - gui_login_dod_acknowledgement
+ status: automated
+- id: SLES-15-010060
+ levels:
+ - medium
+ title: The SUSE operating system file /etc/gdm/banner must contain the Standard
+ Mandatory DoD Notice and Consent banner text.
+ rules:
+ - banner_etc_gdm_banner
+ status: automated
+- id: SLES-15-010080
+ levels:
+ - medium
+ title: The SUSE operating system must display a banner before granting local or
+ remote access to the system via a graphical user logon.
+ rules:
+ - dconf_gnome_banner_enabled
+ status: automated
+- id: SLES-15-010090
+ levels:
+ - medium
+ title: The SUSE operating system must display the approved Standard Mandatory DoD
+ Notice before granting local or remote access to the system via a graphical user
+ logon.
+ rules:
+ - dconf_db_up_to_date
+ - dconf_gnome_login_banner_text
+ - dconf_login_banner_text=dod_banners
+ - dconf_login_banner_contents=dod_default
+ status: automated
+- id: SLES-15-010100
+ levels:
+ - medium
+ title: The SUSE operating system must be able to lock the graphical user interface
+ (GUI).
+ rules:
+ - dconf_gnome_screensaver_lock_enabled
+ status: automated
+- id: SLES-15-010110
+ levels:
+ - low
+ title: The SUSE operating system must utilize vlock to allow for session locking.
+ rules:
+ - vlock_installed
+ status: automated
+- id: SLES-15-010120
+ levels:
+ - medium
+ title: The SUSE operating system must initiate a session lock after a 15-minute
+ period of inactivity for the graphical user interface (GUI).
+ rules:
+ - dconf_gnome_screensaver_idle_delay
+ - inactivity_timeout_value=15_minutes
+ - dconf_gnome_session_idle_user_locks
+ status: automated
+- id: SLES-15-010130
+ levels:
+ - medium
+ title: The SUSE operating system must initiate a session lock after a 10-minute
+ period of inactivity.
+ rules:
+ - accounts_tmout
+ - var_accounts_tmout=10_min
+ status: automated
+- id: SLES-15-010140
+ levels:
+ - low
+ title: The SUSE operating system must conceal, via the session lock, information
+ previously visible on the display with a publicly viewable image in the graphical
+ user interface (GUI).
+ rules:
+ - dconf_gnome_screensaver_mode_blank
+ status: automated
+- id: SLES-15-010150
+ levels:
+ - medium
+ title: The SUSE operating system must log SSH connection attempts and failures to
+ the server.
+ rules:
+ - sshd_set_loglevel_verbose
+ status: automated
+- id: SLES-15-010160
+ levels:
+ - medium
+ title: The SUSE operating system must implement DOD-approved encryption to protect
+ the confidentiality of SSH remote connections.
+ rules:
+ - sshd_use_approved_ciphers
+ - sshd_use_approved_ciphers_ordered_stig
+ status: automated
+- id: SLES-15-010170
+ levels:
+ - medium
+ title: The SUSE operating system, for PKI-based authentication, must validate certificates
+ by constructing a certification path (which includes status information) to an
+ accepted trust anchor.
+ rules:
+ - smartcard_configure_ca
+ status: automated
+- id: SLES-15-010180
+ levels:
+ - high
+ title: The SUSE operating system must not have the telnet-server package installed.
+ rules:
+ - package_telnet-server_removed
+ status: automated
+- id: SLES-15-010190
+ levels:
+ - high
+ title: SUSE operating systems with a basic input/output system (BIOS) must require
+ authentication upon booting into single-user and maintenance modes.
+ rules:
+ - grub2_password
+ status: automated
+- id: SLES-15-010200
+ levels:
+ - high
+ title: SUSE operating systems with Unified Extensible Firmware Interface (UEFI)
+ implemented must require authentication upon booting into single-user mode and
+ maintenance.
+ rules:
+ - grub2_uefi_password
+ status: automated
+- id: SLES-15-010220
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to prohibit or restrict the
+ use of functions, ports, protocols, and/or services as defined in the Ports, Protocols,
+ and Services Management (PPSM) Category Assignments List (CAL) and vulnerability
+ assessments.
+ rules:
+ - package_firewalld_installed
+ - service_firewalld_enabled
+ status: automated
+- id: SLES-15-010230
+ levels:
+ - medium
+ title: The SUSE operating system must not have duplicate User IDs (UIDs) for interactive
+ users.
+ rules:
+ - account_unique_id
+ status: automated
+- id: SLES-15-010240
+ levels:
+ - medium
+ title: The SUSE operating system must disable the file system automounter.
+ rules:
+ - service_autofs_disabled
+ status: automated
+- id: SLES-15-010260
+ levels:
+ - medium
+ title: The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing
+ algorithm for system authentication (login.defs).
+ rules:
+ - set_password_hashing_algorithm_logindefs
+ status: automated
+- id: SLES-15-010270
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon must be configured to only use Message
+ Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
+ rules:
+ - sshd_use_approved_macs
+ - sshd_use_approved_macs_ordered_stig
+ status: automated
+- id: SLES-15-010280
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon must be configured with a timeout interval.
+ rules:
+ - sshd_set_idle_timeout
+ - sshd_idle_timeout_value=10_minutes
+ status: automated
+- id: SLES-15-010300
+ levels:
+ - medium
+ title: The sticky bit must be set on all SUSE operating system world-writable directories.
+ rules:
+ - dir_perms_world_writable_sticky_bits
+ status: automated
+- id: SLES-15-010310
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to use TCP syncookies.
+ rules:
+ - sysctl_net_ipv4_tcp_syncookies
+ status: automated
+- id: SLES-15-010320
+ levels:
+ - medium
+ title: The SUSE operating system, for all network connections associated with SSH
+ traffic, must immediately terminate at the end of the session or after 10 minutes
+ of inactivity.
+ rules:
+ - sshd_set_keepalive
+ - var_sshd_set_keepalive=1
+ - sshd_set_keepalive_0
+ status: automated
+- id: SLES-15-010330
+ levels:
+ - high
+ title: All SUSE operating system persistent disk partitions must implement cryptographic
+ mechanisms to prevent unauthorized disclosure or modification of all information
+ that requires at-rest protection.
+ rules:
+ - encrypt_partitions
+ status: automated
+- id: SLES-15-010340
+ levels:
+ - medium
+ title: The SUSE operating system must generate error messages that provide information
+ necessary for corrective actions without revealing information that could be exploited
+ by adversaries.
+ rules:
+ - permissions_local_var_log
+ status: automated
+- id: SLES-15-010350
+ levels:
+ - medium
+ title: The SUSE operating system must prevent unauthorized users from accessing
+ system error messages.
+ rules:
+ - file_permissions_local_var_log_messages
+ status: automated
+- id: SLES-15-010351
+ levels:
+ - medium
+ title: The SUSE operating system library files must have mode 0755 or less permissive.
+ rules:
+ - file_permissions_library_dirs
+ status: automated
+- id: SLES-15-010352
+ levels:
+ - medium
+ title: The SUSE operating system library directories must have mode 0755 or less
+ permissive.
+ rules:
+ - dir_permissions_library_dirs
+ status: automated
+- id: SLES-15-010353
+ levels:
+ - medium
+ title: The SUSE operating system library files must be owned by root.
+ rules:
+ - file_ownership_library_dirs
+ status: automated
+- id: SLES-15-010354
+ levels:
+ - medium
+ title: The SUSE operating system library directories must be owned by root.
+ rules:
+ - dir_ownership_library_dirs
+ status: automated
+- id: SLES-15-010355
+ levels:
+ - medium
+ title: The SUSE operating system library files must be group-owned by root.
+ rules:
+ - root_permissions_syslibrary_files
+ status: automated
+- id: SLES-15-010356
+ levels:
+ - medium
+ title: The SUSE operating system library directories must be group-owned by root.
+ rules:
+ - dir_group_ownership_library_dirs
+ status: automated
+- id: SLES-15-010357
+ levels:
+ - medium
+ title: The SUSE operating system must have system commands set to a mode of 0755
+ or less permissive.
+ rules:
+ - file_permissions_system_commands_dirs
+ status: automated
+- id: SLES-15-010358
+ levels:
+ - medium
+ title: The SUSE operating system must have directories that contain system commands
+ set to a mode of 0755 or less permissive.
+ rules:
+ - file_permissions_binary_dirs
+ status: automated
+- id: SLES-15-010359
+ levels:
+ - medium
+ title: The SUSE operating system must have system commands owned by root.
+ rules:
+ - file_ownership_binary_dirs
+ status: automated
+- id: SLES-15-010360
+ levels:
+ - medium
+ title: The SUSE operating system must have directories that contain system commands
+ owned by root.
+ rules:
+ - dir_system_commands_root_owned
+ status: automated
+- id: SLES-15-010361
+ levels:
+ - medium
+ title: The SUSE operating system must have system commands group-owned by root or
+ a system account.
+ rules:
+ - file_groupownership_system_commands_dirs
+ status: automated
+- id: SLES-15-010362
+ levels:
+ - medium
+ title: The SUSE operating system must have directories that contain system commands
+ group-owned by root.
+ rules:
+ - dir_system_commands_group_root_owned
+ status: automated
+- id: SLES-15-010370
+ levels:
+ - medium
+ title: The SUSE operating system must have a firewall system installed to immediately
+ disconnect or disable remote access to the whole operating system.
+ rules: []
+ status: pending
+- id: SLES-15-010380
+ levels:
+ - medium
+ title: The SUSE operating system wireless network adapters must be disabled unless
+ approved and documented.
+ rules:
+ - wireless_disable_interfaces
+ status: automated
+- id: SLES-15-010390
+ levels:
+ - medium
+ title: SUSE operating system AppArmor tool must be configured to control whitelisted
+ applications and user home directory access control.
+ rules:
+ - apparmor_configured
+ - package_pam_apparmor_installed
+ status: automated
+- id: SLES-15-010400
+ levels:
+ - medium
+ title: The SUSE operating system clock must, for networked systems, be synchronized
+ to an authoritative DOD time source at least every 24 hours.
+ rules:
+ - chronyd_or_ntpd_set_maxpoll
+ - var_time_service_set_maxpoll=18_hours
+ status: automated
+- id: SLES-15-010410
+ levels:
+ - low
+ title: The SUSE operating system must be configured to use Coordinated Universal
+ Time (UTC) or Greenwich Mean Time (GMT).
+ rules:
+ - ensure_rtc_utc_configuration
+ status: automated
+- id: SLES-15-010420
+ levels:
+ - medium
+ title: Advanced Intrusion Detection Environment (AIDE) must verify the baseline
+ SUSE operating system configuration at least weekly.
+ rules:
+ - aide_periodic_cron_checking
+ status: automated
+- id: SLES-15-010430
+ levels:
+ - high
+ title: The SUSE operating system tool zypper must have gpgcheck enabled.
+ rules:
+ - ensure_gpgcheck_globally_activated
+ status: automated
+- id: SLES-15-010450
+ levels:
+ - high
+ title: The SUSE operating system must reauthenticate users when changing authenticators,
+ roles, or escalating privileges.
+ rules:
+ - sudo_remove_no_authenticate
+ - sudo_remove_nopasswd
+ - sudo_require_authentication
+ status: automated
+- id: SLES-15-010460
+ levels:
+ - medium
+ title: The SUSE operating system must have the packages required for multifactor
+ authentication to be installed.
+ rules:
+ - install_smartcard_packages
+ status: automated
+- id: SLES-15-010470
+ levels:
+ - medium
+ title: The SUSE operating system must implement certificate status checking for
+ multifactor authentication.
+ rules:
+ - smartcard_configure_cert_checking
+ status: automated
+- id: SLES-15-010480
+ levels:
+ - medium
+ title: The SUSE operating system must disable the USB mass storage kernel module.
+ rules:
+ - kernel_module_usb-storage_disabled
+ status: automated
+- id: SLES-15-010490
+ levels:
+ - medium
+ title: If Network Security Services (NSS) is being used by the SUSE operating system
+ it must prohibit the use of cached authentications after one day.
+ rules:
+ - sssd_memcache_timeout
+ - var_sssd_memcache_timeout=1_day
+ status: automated
+- id: SLES-15-010500
+ levels:
+ - medium
+ title: The SUSE operating system must configure the Linux Pluggable Authentication
+ Modules (PAM) to prohibit the use of cached offline authentications after one
+ day.
+ rules:
+ - sssd_offline_cred_expiration
+ status: automated
+- id: SLES-15-010510
+ levels:
+ - high
+ title: FIPS 140-2 mode must be enabled on the SUSE operating system.
+ rules:
+ - is_fips_mode_enabled
+ status: automated
+- id: SLES-15-010530
+ levels:
+ - high
+ title: All networked SUSE operating systems must have and implement SSH to protect
+ the confidentiality and integrity of transmitted and received information, as
+ well as information during preparation for transmission.
+ rules:
+ - service_sshd_enabled
+ status: automated
+- id: SLES-15-010540
+ levels:
+ - medium
+ title: The SUSE operating system must implement kptr-restrict to prevent the leaking
+ of internal kernel addresses.
+ rules:
+ - sysctl_kernel_kptr_restrict
+ status: automated
+- id: SLES-15-010550
+ levels:
+ - medium
+ title: Address space layout randomization (ASLR) must be implemented by the SUSE
+ operating system to protect memory from unauthorized code execution.
+ rules:
+ - sysctl_kernel_randomize_va_space
+ status: automated
+- id: SLES-15-010560
+ levels:
+ - medium
+ title: The SUSE operating system must remove all outdated software components after
+ updated versions have been installed.
+ rules:
+ - clean_components_post_updating
+ status: automated
+- id: SLES-15-010570
+ levels:
+ - medium
+ title: The SUSE operating system must notify the System Administrator (SA) when
+ Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation
+ of any security functions.
+ rules:
+ - aide_periodic_checking_systemd_timer
+ - aide_scan_notification
+ status: automated
+- id: SLES-15-010580
+ levels:
+ - medium
+ title: The SUSE operating system must off-load rsyslog messages for networked systems
+ in real time and off-load standalone systems at least weekly.
+ rules:
+ - rsyslog_remote_loghost
+ status: automated
+- id: SLES-15-020000
+ levels:
+ - medium
+ title: The SUSE operating system must provision temporary accounts with an expiration
+ date for 72 hours.
+ rules: []
+ status: pending
+- id: SLES-15-020010
+ levels:
+ - medium
+ title: The SUSE operating system must lock an account after three consecutive invalid
+ access attempts.
+ rules:
+ - accounts_passwords_pam_tally2
+ - var_password_pam_tally2=3
+ status: automated
+- id: SLES-15-020020
+ levels:
+ - low
+ title: The SUSE operating system must limit the number of concurrent sessions to
+ 10 for all accounts and/or account types.
+ rules:
+ - accounts_max_concurrent_login_sessions
+ - var_accounts_max_concurrent_login_sessions=10
+ status: automated
+- id: SLES-15-020030
+ levels:
+ - medium
+ title: The SUSE operating system must implement multifactor authentication for access
+ to privileged accounts via pluggable authentication modules (PAM).
+ rules: + - smartcard_pam_enabled + status: automated +- id: SLES-15-020040 + levels: + - medium + title: The SUSE operating system must deny direct logons to the root account using + remote access via SSH. + rules: + - sshd_disable_root_login + status: automated +- id: SLES-15-020050 + levels: + - medium + title: The SUSE operating system must disable account identifiers (individuals, + groups, roles, and devices) after 35 days of inactivity after password expiration. + rules: + - account_disable_post_pw_expiration + - var_account_disable_post_pw_expiration=35 + status: automated +- id: SLES-15-020060 + levels: + - medium + title: The SUSE operating system must never automatically remove or disable emergency + administrator accounts. + rules: + - account_emergency_admin + status: manual +- id: SLES-15-020090 + levels: + - medium + title: The SUSE operating system must not have unnecessary accounts. + rules: + - accounts_authorized_local_users + # NOTE: must configure "var_accounts_authorized_local_users_regex" + # when the rule "accounts_authorized_local_users" is enabled + # - var_accounts_authorized_local_users_regex=+ - var_accounts_authorized_local_users_regex=sle15 + status: automated +- id: SLES-15-020091 + levels: + - medium + title: The SUSE operating system must not have unnecessary account capabilities. + rules: + - no_shelllogin_for_systemaccounts + status: automated +- id: SLES-15-020100 + levels: + - high + title: The SUSE operating system root account must be the only account with unrestricted + access to the system. + rules: + - accounts_no_uid_except_zero + status: automated +- id: SLES-15-020101 + levels: + - medium + title: The SUSE operating system must restrict privilege elevation to authorized + personnel. + rules: + - sudo_restrict_privilege_elevation_to_authorized + status: automated +- id: SLES-15-020102 + levels: + - medium + title: The SUSE operating system must require reauthentication when using the "sudo" + command. 
+ rules:
+ - sudo_require_reauthentication
+ - var_sudo_timestamp_timeout=always_prompt
+ status: automated
+- id: SLES-15-020103
+ levels:
+ - medium
+ title: The SUSE operating system must use the invoking user's password for privilege
+ escalation when using "sudo".
+ rules:
+ - sudoers_validate_passwd
+ status: automated
+- id: SLES-15-020110
+ levels:
+ - medium
+ title: All SUSE operating system local interactive user accounts, upon creation,
+ must be assigned a home directory.
+ rules:
+ - accounts_have_homedir_login_defs
+ status: automated
+- id: SLES-15-020120
+ levels:
+ - medium
+ title: The SUSE operating system must display the date and time of the last successful
+ account logon upon an SSH logon.
+ rules:
+ - sshd_print_last_log
+ status: automated
+- id: SLES-15-020130
+ levels:
+ - medium
+ title: The SUSE operating system must enforce passwords that contain at least one
+ uppercase character.
+ rules:
+ - cracklib_accounts_password_pam_ucredit
+ - var_password_pam_ucredit=1
+ status: automated
+- id: SLES-15-020140
+ levels:
+ - medium
+ title: The SUSE operating system must enforce passwords that contain at least one
+ lowercase character.
+ rules:
+ - cracklib_accounts_password_pam_lcredit
+ - var_password_pam_lcredit=1
+ status: automated
+- id: SLES-15-020150
+ levels:
+ - medium
+ title: The SUSE operating system must enforce passwords that contain at least one
+ numeric character.
+ rules:
+ - cracklib_accounts_password_pam_dcredit
+ - var_password_pam_dcredit=1
+ status: automated
+- id: SLES-15-020160
+ levels:
+ - medium
+ title: The SUSE operating system must require the change of at least eight of the
+ total number of characters when passwords are changed.
+ rules:
+ - cracklib_accounts_password_pam_difok
+ status: automated
+- id: SLES-15-020170
+ levels:
+ - medium
+ title: The SUSE operating system must configure the Linux Pluggable Authentication
+ Modules (PAM) to only store encrypted representations of passwords.
+ rules:
+ - set_password_hashing_algorithm_systemauth
+ status: automated
+- id: SLES-15-020180
+ levels:
+ - medium
+ title: The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing
+ algorithms for all stored passwords.
+ rules:
+ - accounts_password_all_shadowed_sha512
+ status: automated
+- id: SLES-15-020190
+ levels:
+ - medium
+ title: The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing
+ algorithms for all stored passwords.
+ rules:
+ - set_password_hashing_min_rounds_logindefs
+ - var_password_hashing_min_rounds_login_defs=100000
+ status: automated
+- id: SLES-15-020200
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to create or update passwords
+ with a minimum lifetime of 24 hours (one day).
+ rules:
+ - accounts_minimum_age_login_defs
+ - var_accounts_minimum_age_login_defs=7
+ status: automated
+- id: SLES-15-020210
+ levels:
+ - medium
+ title: The SUSE operating system must employ user passwords with a minimum lifetime
+ of 24 hours (one day).
+ rules:
+ - accounts_password_set_min_life_existing
+ status: automated
+- id: SLES-15-020220
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to create or update passwords
+ with a maximum lifetime of 60 days.
+ rules:
+ - accounts_maximum_age_login_defs
+ - var_accounts_maximum_age_login_defs=60
+ status: automated
+- id: SLES-15-020230
+ levels:
+ - medium
+ title: The SUSE operating system must employ user passwords with a maximum lifetime
+ of 60 days.
+ rules:
+ - accounts_password_set_max_life_existing
+ status: automated
+- id: SLES-15-020260
+ levels:
+ - medium
+ title: The SUSE operating system must employ passwords with a minimum of 15 characters.
+ rules:
+ - cracklib_accounts_password_pam_minlen
+ - var_password_pam_minlen=15
+ status: automated
+- id: SLES-15-020270
+ levels:
+ - medium
+ title: The SUSE operating system must enforce passwords that contain at least one
+ special character.
+ rules:
+ - cracklib_accounts_password_pam_ocredit
+ - var_password_pam_ocredit=1
+ status: automated
+- id: SLES-15-020290
+ levels:
+ - medium
+ title: The SUSE operating system must prevent the use of dictionary words for passwords.
+ rules:
+ - cracklib_accounts_password_pam_retry
+ status: automated
+- id: SLES-15-020300
+ levels:
+ - high
+ title: The SUSE operating system must not be configured to allow blank or null passwords.
+ rules:
+ - no_empty_passwords
+ status: automated
+- id: SLES-15-030000
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all account creations,
+ modifications, disabling, and termination events that affect /etc/passwd.
+ rules:
+ - audit_rules_usergroup_modification_passwd
+ status: automated
+- id: SLES-15-030010
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all account creations,
+ modifications, disabling, and termination events that affect /etc/group.
+ rules:
+ - audit_rules_usergroup_modification_group
+ status: automated
+- id: SLES-15-030020
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all account creations,
+ modifications, disabling, and termination events that affect /etc/shadow.
+ rules:
+ - audit_rules_usergroup_modification_shadow
+ status: automated
+- id: SLES-15-030030
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all account creations,
+ modifications, disabling, and termination events that affect /etc/security/opasswd.
+ rules:
+ - audit_rules_usergroup_modification_opasswd
+ status: automated
+- id: SLES-15-030040
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all account creations,
+ modifications, disabling, and termination events that affect /etc/gshadow.
+ rules:
+ - audit_rules_usergroup_modification_gshadow
+ status: automated
+- id: SLES-15-030050
+ levels:
+ - medium
+ title: SUSE operating system audit records must contain information to establish
+ what type of events occurred, the source of events, where events occurred, and
+ the outcome of events.
+ rules:
+ - service_auditd_enabled
+ status: automated
+- id: SLES-15-030060
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ ssh-keysign command.
+ rules:
+ - audit_rules_privileged_commands_ssh_keysign
+ status: automated
+- id: SLES-15-030070
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ passwd command.
+ rules:
+ - audit_rules_privileged_commands_passwd
+ status: automated
+- id: SLES-15-030080
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ gpasswd command.
+ rules:
+ - audit_rules_privileged_commands_gpasswd
+ status: automated
+- id: SLES-15-030090
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ newgrp command.
+ rules:
+ - audit_rules_privileged_commands_newgrp
+ status: automated
+- id: SLES-15-030100
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for a uses of the chsh
+ command.
+ rules:
+ - audit_rules_privileged_commands_chsh
+ status: automated
+- id: SLES-15-030110
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ unix_chkpwd or unix2_chkpwd commands.
+ rules:
+ - audit_rules_privileged_commands_unix2_chkpwd
+ - audit_rules_privileged_commands_unix_chkpwd
+ status: automated
+- id: SLES-15-030120
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chage command.
+ rules:
+ - audit_rules_privileged_commands_chage
+ status: automated
+- id: SLES-15-030130
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ crontab command.
+ rules:
+ - audit_rules_privileged_commands_crontab
+ status: automated
+- id: SLES-15-030140
+ levels:
+ - medium
+ title: The SUSE operating system must audit all uses of the sudoers file and all
+ files in the /etc/sudoers.d/ directory.
+ rules:
+ - audit_rules_sysadmin_actions
+ status: automated
+- id: SLES-15-030150
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
+ rules:
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_ftruncate
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_truncate
+ status: automated
+- id: SLES-15-030190
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system
+ calls.
+ rules:
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ status: automated
+- id: SLES-15-030250
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chown, fchown, fchownat, and lchown system calls.
+ rules:
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_lchown
+ status: automated
+- id: SLES-15-030290
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chmod, fchmod, and fchmodat system calls.
+ rules:
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ status: automated
+- id: SLES-15-030330
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ sudoedit command.
+ rules:
+ - audit_rules_privileged_commands_sudoedit
+ status: automated
+- id: SLES-15-030340
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ chfn command.
+ rules:
+ - audit_rules_privileged_commands_chfn
+ status: automated
+- id: SLES-15-030350
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ mount system call.
+ rules:
+ - audit_rules_media_export
+ status: automated
+- id: SLES-15-030360
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ umount system call.
+ rules:
+ - audit_rules_dac_modification_umount
+ - audit_rules_dac_modification_umount2
+ status: automated
+- id: SLES-15-030370
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ ssh-agent command.
+ rules:
+ - audit_rules_privileged_commands_ssh_agent
+ status: automated
+- id: SLES-15-030380
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ insmod command.
+ rules:
+ - audit_rules_privileged_commands_insmod
+ status: automated
+- id: SLES-15-030390
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ rmmod command.
+ rules:
+ - audit_rules_privileged_commands_rmmod
+ status: automated
+- id: SLES-15-030400
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ modprobe command.
+ rules:
+ - audit_rules_privileged_commands_modprobe
+ status: automated
+- id: SLES-15-030410
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ kmod command.
+ rules:
+ - audit_rules_privileged_commands_kmod
+ status: automated
+- id: SLES-15-030420
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chmod command.
+ rules:
+ - audit_rules_execution_chmod
+ status: automated
+- id: SLES-15-030430
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ setfacl command.
+ rules:
+ - audit_rules_execution_setfacl
+ status: automated
+- id: SLES-15-030440
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chacl command.
+ rules:
+ - audit_rules_execution_chacl
+ status: automated
+- id: SLES-15-030450
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ chcon command.
+ rules:
+ - audit_rules_execution_chcon
+ status: automated
+- id: SLES-15-030460
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ rm command.
+ rules:
+ - audit_rules_execution_rm
+ status: automated
+- id: SLES-15-030470
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all modifications
+ to the tallylog file must generate an audit record.
+ rules:
+ - audit_rules_login_events_tallylog
+ status: automated
+- id: SLES-15-030480
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all modifications
+ to the lastlog file.
+ rules:
+ - audit_rules_login_events_lastlog
+ status: automated
+- id: SLES-15-030490
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ passmass command.
+ rules:
+ - audit_rules_privileged_commands_passmass
+ status: automated
+- id: SLES-15-030500
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ usermod command.
+ rules:
+ - audit_rules_privileged_commands_usermod
+ status: automated
+- id: SLES-15-030510
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ pam_timestamp_check command.
+ rules:
+ - audit_rules_privileged_commands_pam_timestamp_check
+ status: automated
+- id: SLES-15-030520
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ delete_module system call.
+ rules:
+ - audit_rules_kernel_module_loading_delete
+ status: automated
+- id: SLES-15-030530
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ init_module and finit_module system calls.
+ rules:
+ - audit_rules_kernel_module_loading_finit
+ - audit_rules_kernel_module_loading_init
+ status: automated
+- id: SLES-15-030550
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ su command.
+ rules:
+ - audit_rules_privileged_commands_su
+ status: automated
+- id: SLES-15-030560
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ sudo command.
+ rules:
+ - audit_rules_privileged_commands_sudo
+ status: automated
+- id: SLES-15-030570
+ levels:
+ - medium
+ title: The Information System Security Officer (ISSO) and System Administrator (SA),
+ at a minimum, must be alerted of a SUSE operating system audit processing failure
+ event.
+ rules:
+ - auditd_data_retention_action_mail_acct
+ status: automated
+- id: SLES-15-030580
+ levels:
+ - medium
+ title: The Information System Security Officer (ISSO) and System Administrator (SA),
+ at a minimum, must have mail aliases to be notified of a SUSE operating system
+ audit processing failure.
+ rules:
+ - postfix_client_configure_mail_alias
+ status: automated
+- id: SLES-15-030590
+ levels:
+ - medium
+ title: The SUSE operating system audit system must take appropriate action when
+ the audit storage volume is full.
+ rules:
+ - auditd_data_disk_full_action
+ - var_auditd_disk_full_action=syslog
+ status: automated
+- id: SLES-15-030600
+ levels:
+ - medium
+ title: The SUSE operating system must protect audit rules from unauthorized modification.
+ rules:
+ - permissions_local_var_log_audit
+ status: automated
+- id: SLES-15-030620
+ levels:
+ - medium
+ title: The SUSE operating system audit tools must have the proper permissions configured
+ to protect against unauthorized access.
+ rules:
+ - permissions_local_audit_binaries
+ status: automated
+- id: SLES-15-030630
+ levels:
+ - medium
+ title: The SUSE operating system file integrity tool must be configured to protect
+ the integrity of the audit tools.
+ rules:
+ - aide_check_audit_tools
+ status: automated
+- id: SLES-15-030640
+ levels:
+ - low
+ title: The SUSE operating system must generate audit records for all uses of the
+ privileged functions.
+ rules:
+ - audit_rules_suid_privilege_function
+ status: automated
+- id: SLES-15-030650
+ levels:
+ - medium
+ title: The SUSE operating system must have the auditing package installed.
+ rules:
+ - package_audit_installed
+ status: automated
+- id: SLES-15-030660
+ levels:
+ - medium
+ title: The SUSE operating system must allocate audit record storage capacity to
+ store at least one week of audit records when audit records are not immediately
+ sent to a central audit record storage facility.
+ rules:
+ - auditd_audispd_configure_sufficiently_large_partition
+ status: manual
+- id: SLES-15-030670
+ levels:
+ - medium
+ title: The audit-audispd-plugins must be installed on the SUSE operating system.
+ rules:
+ - package_audit-audispd-plugins_installed
+ status: automated
+- id: SLES-15-030680
+ levels:
+ - low
+ title: The SUSE operating system audit event multiplexor must be configured to use
+ Kerberos.
+ rules:
+ - auditd_audispd_encrypt_sent_records
+ status: automated
+- id: SLES-15-030690
+ levels:
+ - low
+ title: Audispd must off-load audit records onto a different system or media from
+ the SUSE operating system being audited.
+ rules:
+ - auditd_audispd_configure_remote_server
+ # NOTE: must configure "var_audispd_remote_server" when the
+ # rule "auditd_audispd_configure_remote_server" is enabled
+ # - var_audispd_remote_server=
+ status: automated
+- id: SLES-15-030700
+ levels:
+ - medium
+ title: The SUSE operating system auditd service must notify the System Administrator
+ (SA) and Information System Security Officer (ISSO) immediately when audit storage
+ capacity is 75 percent full.
+ rules:
+ - auditd_data_retention_space_left
+ status: automated
+- id: SLES-15-030740
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for all uses of the
+ unlink, unlinkat, rename, renameat, and rmdir system calls.
+ rules:
+ - audit_rules_unsuccessful_file_modification_rename
+ - audit_rules_unsuccessful_file_modification_renameat
+ - audit_rules_unsuccessful_file_modification_renameat2
+ - audit_rules_unsuccessful_file_modification_unlink
+ - audit_rules_unsuccessful_file_modification_unlinkat
+ status: automated
+- id: SLES-15-030760
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for the /run/utmp file.
+ rules:
+ - audit_rules_session_events_utmp
+ status: automated
+- id: SLES-15-030770
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for the /var/log/wtmp
+ file.
+ rules:
+ - audit_rules_session_events_wtmp
+ status: automated
+- id: SLES-15-030780
+ levels:
+ - medium
+ title: The SUSE operating system must generate audit records for the /var/log/btmp
+ file.
+ rules:
+ - audit_rules_session_events_btmp
+ status: automated
+- id: SLES-15-030790
+ levels:
+ - medium
+ title: The SUSE operating system must off-load audit records onto a different system
+ or media from the system being audited.
+ rules:
+ - auditd_audispd_network_failure_action
+ status: automated
+- id: SLES-15-030800
+ levels:
+ - medium
+ title: Audispd must take appropriate action when the SUSE operating system audit
+ storage is full.
+ rules:
+ - auditd_audispd_disk_full_action
+ status: automated
+- id: SLES-15-030810
+ levels:
+ - low
+ title: The SUSE operating system must use a separate file system for the system
+ audit data path.
+ rules:
+ - partition_for_var_log_audit
+ status: automated
+- id: SLES-15-030820
+ levels:
+ - medium
+ title: The SUSE operating system must not disable syscall auditing.
+ rules:
+ - audit_rules_enable_syscall_auditing
+ status: automated
+- id: SLES-15-040000
+ levels:
+ - medium
+ title: The SUSE operating system must enforce a delay of at least four seconds between
+ logon prompts following a failed logon attempt.
+ rules: []
+ status: pending
+- id: SLES-15-040010
+ levels:
+ - medium
+ title: The SUSE operating system must enforce a delay of at least four seconds between
+ logon prompts following a failed logon attempt.
+ rules:
+ - accounts_passwords_pam_faildelay_delay
+ - var_accounts_fail_delay=4
+ - var_password_pam_delay=4000000
+ status: automated
+- id: SLES-15-040020
+ levels:
+ - high
+ title: There must be no .shosts files on the SUSE operating system.
+ rules:
+ - no_user_host_based_files
+ status: automated
+- id: SLES-15-040030
+ levels:
+ - high
+ title: There must be no shosts.equiv files on the SUSE operating system.
+ rules:
+ - no_host_based_files
+ status: automated
+- id: SLES-15-040040
+ levels:
+ - low
+ title: The SUSE operating system file integrity tool must be configured to verify
+ Access Control Lists (ACLs).
+ rules:
+ - aide_verify_acls
+ status: automated
+- id: SLES-15-040050
+ levels:
+ - low
+ title: The SUSE operating system file integrity tool must be configured to verify
+ extended attributes.
+ rules:
+ - aide_verify_ext_attributes
+ status: automated
+- id: SLES-15-040060
+ levels:
+ - high
+ title: The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence.
+ rules:
+ - disable_ctrlaltdel_reboot
+ status: automated
+- id: SLES-15-040061
+ levels:
+ - high
+ title: The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence
+ for Graphical User Interfaces.
+ rules:
+ - enable_dconf_user_profile
+ status: automated
+- id: SLES-15-040062
+ levels:
+ - high
+ title: The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst
+ key sequence.
+ rules:
+ - disable_ctrlaltdel_burstaction
+ status: automated
+- id: SLES-15-040070
+ levels:
+ - medium
+ title: All SUSE operating system local interactive users must have a home directory
+ assigned in the /etc/passwd file.
+ rules:
+ - accounts_user_interactive_home_directory_defined
+ status: automated
+- id: SLES-15-040080
+ levels:
+ - medium
+ title: All SUSE operating system local interactive user home directories defined
+ in the /etc/passwd file must exist.
+ rules:
+ - accounts_user_interactive_home_directory_exists
+ status: automated
+- id: SLES-15-040090
+ levels:
+ - medium
+ title: All SUSE operating system local interactive user home directories must have
+ mode 0750 or less permissive.
+ rules:
+ - file_permissions_home_directories
+ status: automated
+- id: SLES-15-040100
+ levels:
+ - medium
+ title: All SUSE operating system local interactive user home directories must be
+ group-owned by the home directory owner's primary group.
+ rules:
+ - file_groupownership_home_directories
+ status: automated
+- id: SLES-15-040110
+ levels:
+ - medium
+ title: All SUSE operating system local initialization files must have mode 0740
+ or less permissive.
+ rules:
+ - file_permission_user_init_files
+ status: automated
+- id: SLES-15-040120
+ levels:
+ - medium
+ title: All SUSE operating system local interactive user initialization files executable
+ search paths must contain only paths that resolve to the users home directory.
+ rules:
+ - accounts_user_home_paths_only
+ status: manual
+- id: SLES-15-040130
+ levels:
+ - medium
+ title: All SUSE operating system local initialization files must not execute world-writable
+ programs.
+ rules:
+ - accounts_user_dot_no_world_writable_programs
+ status: automated
+- id: SLES-15-040140
+ levels:
+ - medium
+ title: SUSE operating system file systems that contain user home directories must
+ be mounted to prevent files with the setuid and setgid bit set from being executed.
+ rules:
+ - mount_option_home_nosuid
+ status: automated
+- id: SLES-15-040150
+ levels:
+ - medium
+ title: SUSE operating system file systems that are used with removable media must
+ be mounted to prevent files with the setuid and setgid bit set from being executed.
+ rules:
+ - mount_option_nosuid_removable_partitions
+ - var_removable_partition=dev_cdrom
+ status: automated
+- id: SLES-15-040160
+ levels:
+ - medium
+ title: SUSE operating system file systems that are being imported via Network File
+ System (NFS) must be mounted to prevent files with the setuid and setgid bit set
+ from being executed.
+ rules:
+ - mount_option_nosuid_remote_filesystems
+ status: automated
+- id: SLES-15-040170
+ levels:
+ - medium
+ title: SUSE operating system file systems that are being imported via Network File
+ System (NFS) must be mounted to prevent binary files from being executed.
+ rules:
+ - mount_option_noexec_remote_filesystems
+ status: automated
+- id: SLES-15-040180
+ levels:
+ - medium
+ title: All SUSE operating system world-writable directories must be group-owned
+ by root, sys, bin, or an application group.
+ rules:
+ - dir_perms_world_writable_system_owned_group
+ status: automated
+- id: SLES-15-040190
+ levels:
+ - medium
+ title: SUSE operating system kernel core dumps must be disabled unless needed.
+ rules:
+ - service_kdump_disabled
+ status: automated
+- id: SLES-15-040200
+ levels:
+ - low
+ title: A separate file system must be used for SUSE operating system user home directories
+ (such as /home or an equivalent).
+ rules:
+ - partition_for_home
+ status: automated
+- id: SLES-15-040210
+ levels:
+ - low
+ title: The SUSE operating system must use a separate file system for /var.
+ rules:
+ - partition_for_var
+ status: automated
+- id: SLES-15-040220
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to not overwrite Pluggable Authentication
+ Modules (PAM) configuration on package changes.
+ rules:
+ - pam_disable_automatic_configuration
+ status: automated
+- id: SLES-15-040230
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon must be configured to not allow authentication
+ using known hosts authentication.
+ rules:
+ - sshd_disable_user_known_hosts
+ status: automated
+- id: SLES-15-040240
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon public host key files must have mode
+ 0644 or less permissive.
+ rules:
+ - file_permissions_sshd_pub_key
+ status: automated
+- id: SLES-15-040250
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon private host key files must have mode
+ 0640 or less permissive.
+ rules:
+ - file_permissions_sshd_private_key
+ status: automated
+- id: SLES-15-040260
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon must perform strict mode checking of
+ home directory configuration files.
+ rules:
+ - sshd_enable_strictmodes
+ status: automated
+- id: SLES-15-040290
+ levels:
+ - medium
+ title: The SUSE operating system SSH daemon must disable forwarded remote X connections
+ for interactive users, unless to fulfill documented and validated mission requirements.
+ rules:
+ - sshd_disable_x11_forwarding
+ status: automated
+- id: SLES-15-040300
+ levels:
+ - medium
+ title: The SUSE operating system must not forward Internet Protocol version 4 (IPv4)
+ source-routed packets.
+ rules:
+ - sysctl_net_ipv4_conf_all_accept_source_route
+ status: automated
+- id: SLES-15-040310
+ levels:
+ - medium
+ title: The SUSE operating system must not forward Internet Protocol version 6 (IPv6)
+ source-routed packets.
+ rules:
+ - sysctl_net_ipv6_conf_all_accept_source_route
+ status: automated
+- id: SLES-15-040320
+ levels:
+ - medium
+ title: The SUSE operating system must not forward Internet Protocol version 4 (IPv4)
+ source-routed packets by default.
+ rules:
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ status: automated
+- id: SLES-15-040321
+ levels:
+ - medium
+ title: The SUSE operating system must not forward Internet Protocol version 6 (IPv6)
+ source-routed packets by default.
+ rules:
+ - sysctl_net_ipv6_conf_default_accept_source_route
+ status: automated
+- id: SLES-15-040330
+ levels:
+ - medium
+ title: The SUSE operating system must prevent Internet Protocol version 4 (IPv4)
+ Internet Control Message Protocol (ICMP) redirect messages from being accepted.
+ rules:
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ status: automated
+- id: SLES-15-040340
+ levels:
+ - medium
+ title: The SUSE operating system must not allow interfaces to accept Internet Protocol
+ version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by
+ default.
+ rules:
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ status: automated
+- id: SLES-15-040341
+ levels:
+ - medium
+ title: The SUSE operating system must prevent Internet Protocol version 6 (IPv6)
+ Internet Control Message Protocol (ICMP) redirect messages from being accepted.
+ rules:
+ - sysctl_net_ipv6_conf_all_accept_redirects
+ status: automated
+- id: SLES-15-040350
+ levels:
+ - medium
+ title: The SUSE operating system must not allow interfaces to accept Internet Protocol
+ version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by
+ default.
+ rules:
+ - sysctl_net_ipv6_conf_default_accept_redirects
+ status: automated
+- id: SLES-15-040360
+ levels:
+ - medium
+ title: The SUSE operating system must not allow interfaces to send Internet Protocol
+ version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by
+ default.
+ rules:
+ - sysctl_net_ipv4_conf_default_send_redirects
+ status: automated
+- id: SLES-15-040370
+ levels:
+ - medium
+ title: The SUSE operating system must not send Internet Protocol version 4 (IPv4)
+ Internet Control Message Protocol (ICMP) redirects.
+ rules:
+ - sysctl_net_ipv4_conf_all_send_redirects
+ status: automated
+- id: SLES-15-040380
+ levels:
+ - medium
+ title: The SUSE operating system must not be performing Internet Protocol version
+ 4 (IPv4) packet forwarding unless the system is a router.
+ rules:
+ - sysctl_net_ipv4_ip_forward
+ status: automated
+- id: SLES-15-040381
+ levels:
+ - medium
+ title: The SUSE operating system must not be performing Internet Protocol version
+ 6 (IPv6) packet forwarding unless the system is a router.
+ rules:
+ - sysctl_net_ipv6_conf_all_forwarding
+ status: automated
+- id: SLES-15-040382
+ levels:
+ - medium
+ title: The SUSE operating system must not be performing Internet Protocol version
+ 6 (IPv6) packet forwarding by default unless the system is a router.
+ rules:
+ - sysctl_net_ipv6_conf_default_forwarding
+ status: automated
+- id: SLES-15-040390
+ levels:
+ - medium
+ title: The SUSE operating system must not have network interfaces in promiscuous
+ mode unless approved and documented.
+ rules:
+ - network_sniffer_disabled
+ status: automated
+- id: SLES-15-040400
+ levels:
+ - medium
+ title: All SUSE operating system files and directories must have a valid owner.
+ rules:
+ - no_files_unowned_by_user
+ status: automated
+- id: SLES-15-040410
+ levels:
+ - medium
+ title: All SUSE operating system files and directories must have a valid group owner.
+ rules:
+ - file_permissions_ungroupowned
+ status: automated
+- id: SLES-15-040420
+ levels:
+ - medium
+ title: The SUSE operating system default permissions must be defined in such a way
+ that all authenticated users can only read and modify their own files.
+ rules:
+ - accounts_umask_etc_login_defs
+ status: automated
+- id: SLES-15-040430
+ levels:
+ - high
+ title: The SUSE operating system must not allow unattended or automatic logon via
+ the graphical user interface (GUI).
+ rules:
+ - gnome_gdm_disable_unattended_automatic_login
+ status: automated
+- id: SLES-15-040440
+ levels:
+ - high
+ title: The SUSE operating system must not allow unattended or automatic logon via
+ SSH.
+ rules:
+ - sshd_disable_empty_passwords
+ - sshd_do_not_permit_user_env
+ status: automated
+- id: SLES-15-020099
+ levels:
+ - medium
+ title: The SUSE operating system must specify the default "include" directory for
+ the /etc/sudoers file.
+ rules:
+ - sudoers_default_includedir
+ status: automated
+- id: SLES-15-020104
+ levels:
+ - medium
+ title: The SUSE operating system must not be configured to bypass password requirements
+ for privilege escalation.
+ rules:
+ - disallow_bypass_password_sudo
+ status: automated
+- id: SLES-15-020181
+ levels:
+ - high
+ title: The SUSE operating system must not have accounts configured with blank or
+ null passwords.
+ rules:
+ - no_empty_passwords_etc_shadow
+ status: automated
+- id: SLES-15-040450
+ levels:
+ - medium
+ title: The SUSE operating system SSH server must be configured to use only FIPS-validated
+ key exchange algorithms.
+ rules:
+ - sshd_use_approved_kex_ordered_stig
+ status: automated
+- id: SLES-15-010375
+ levels:
+ - low
+ title: The SUSE operating system must restrict access to the kernel message buffer.
+ rules:
+ - sysctl_kernel_dmesg_restrict
+ status: automated
+- id: SLES-15-010419
+ levels:
+ - medium
+ title: The SUSE operating system must use a file integrity tool to verify correct
+ operation of all security functions.
+ rules:
+ - aide_build_database
+ - package_aide_installed
+ status: automated
+- id: SLES-15-010418
+ levels:
+ - medium
+ title: The SUSE operating system must be configured to allow sending email notifications
+ of unauthorized configuration changes to designated personnel.
+ rules:
+ - package_mailx_installed
+ status: automated
+- id: SLES-15-030015
+ levels:
+ - medium
+ title: The SUSE operating system must audit any script or executable called by cron
+ as root or by any privileged user.
+ rules:
+ - audit_rules_etc_cron_d
+ - audit_rules_var_spool_cron
+ status: automated
diff --git a/products/sle15/profiles/stig.profile b/products/sle15/profiles/stig.profile
index a4c36dd810bb..e19bb5fc9344 100644
--- a/products/sle15/profiles/stig.profile
+++ b/products/sle15/profiles/stig.profile
@@ -17,289 +17,4 @@ description: |- selections: - - var_account_disable_post_pw_expiration=35 - - var_accounts_fail_delay=4 - - var_accounts_tmout=10_min - - inactivity_timeout_value=15_minutes - - var_password_pam_dcredit=1 - - var_password_pam_lcredit=1 - - var_password_pam_minlen=15 - - var_password_pam_ocredit=1 - - var_password_pam_ucredit=1 - - var_sudo_timestamp_timeout=always_prompt - - var_password_pam_unix_remember=5 - - var_accounts_maximum_age_login_defs=60 - - var_password_pam_delay=4000000 - - login_banner_text=dod_banners - - login_banner_contents=dod_default - - dconf_login_banner_text=dod_banners - - dconf_login_banner_contents=dod_default - # - # Note: must configure "var_accounts_authorized_local_users_regex" when - # "accounts_authorized_local_users" rule is enabled - # - var_accounts_authorized_local_users_regex= - # - # NOTE: must configure "var_audispd_remote_server" when - # "auditd_audispd_configure_remote_server" rule is enabled - # - # - var_audispd_remote_server= - - var_removable_partition=dev_cdrom - - var_sssd_memcache_timeout=1_day - - var_time_service_set_maxpoll=18_hours - - var_accounts_minimum_age_login_defs=7 - - account_disable_post_pw_expiration - - account_emergency_admin - - account_disable_post_pw_expiration - - account_emergency_admin - - var_accounts_authorized_local_users_regex=sle15 - - accounts_authorized_local_users - - accounts_have_homedir_login_defs - - var_accounts_max_concurrent_login_sessions=10 - - accounts_max_concurrent_login_sessions - - accounts_maximum_age_login_defs - - accounts_no_uid_except_zero - - accounts_password_all_shadowed_sha512 - - accounts_password_set_max_life_existing - - accounts_password_set_min_life_existing - - accounts_passwords_pam_faildelay_delay - - accounts_passwords_pam_tally2 - - var_password_pam_tally2=3 - - accounts_tmout - - accounts_umask_etc_login_defs - - accounts_user_dot_no_world_writable_programs - - accounts_user_home_paths_only - - 
accounts_user_interactive_home_directory_defined - - accounts_user_interactive_home_directory_exists - - account_unique_id - - aide_build_database - - aide_check_audit_tools - - aide_periodic_cron_checking - - aide_scan_notification - - aide_verify_acls - - aide_verify_ext_attributes - - aide_periodic_checking_systemd_timer - - apparmor_configured - # - # NOTE: must configure "var_audispd_remote_server" when - # "auditd_audispd_configure_remote_server" rule is enabled - # - # - auditd_audispd_configure_remote_server - - auditd_audispd_configure_sufficiently_large_partition - - auditd_audispd_disk_full_action - - auditd_audispd_encrypt_sent_records - - auditd_audispd_network_failure_action - - var_auditd_disk_full_action=syslog - - auditd_data_disk_full_action - - auditd_data_retention_action_mail_acct - - auditd_data_retention_space_left - - audit_rules_dac_modification_chmod - - audit_rules_dac_modification_chown - - audit_rules_dac_modification_fchmod - - audit_rules_dac_modification_fchmodat - - audit_rules_dac_modification_fchown - - audit_rules_dac_modification_fremovexattr - - audit_rules_dac_modification_fsetxattr - - audit_rules_dac_modification_lchown - - audit_rules_dac_modification_fchownat - - audit_rules_dac_modification_lremovexattr - - audit_rules_dac_modification_lsetxattr - - audit_rules_dac_modification_removexattr - - audit_rules_dac_modification_setxattr - - audit_rules_dac_modification_umount - - audit_rules_dac_modification_umount2 - - audit_rules_enable_syscall_auditing - - audit_rules_etc_cron_d - - audit_rules_execution_chacl - - audit_rules_execution_chmod - - audit_rules_execution_chcon - - audit_rules_execution_rm - - audit_rules_execution_setfacl - - audit_rules_kernel_module_loading_delete - - audit_rules_kernel_module_loading_finit - - audit_rules_kernel_module_loading_init - - audit_rules_login_events_lastlog - - audit_rules_login_events_tallylog - - audit_rules_media_export - - audit_rules_privileged_commands_chage - - 
audit_rules_privileged_commands_chfn - - audit_rules_privileged_commands_chsh - - audit_rules_privileged_commands_crontab - - audit_rules_privileged_commands_gpasswd - - audit_rules_privileged_commands_kmod - - audit_rules_privileged_commands_modprobe - - audit_rules_privileged_commands_newgrp - - audit_rules_privileged_commands_pam_timestamp_check - - audit_rules_privileged_commands_passmass - - audit_rules_privileged_commands_passwd - - audit_rules_privileged_commands_insmod - - audit_rules_privileged_commands_rmmod - - audit_rules_privileged_commands_ssh_agent - - audit_rules_privileged_commands_ssh_keysign - - audit_rules_privileged_commands_su - - audit_rules_privileged_commands_sudo - - audit_rules_privileged_commands_unix_chkpwd - - audit_rules_privileged_commands_unix2_chkpwd - - audit_rules_privileged_commands_usermod - - audit_rules_privileged_commands_sudoedit - - audit_rules_session_events_utmp - - audit_rules_session_events_wtmp - - audit_rules_suid_privilege_function - - audit_rules_sysadmin_actions - - audit_rules_unsuccessful_file_modification_creat - - audit_rules_unsuccessful_file_modification_ftruncate - - audit_rules_unsuccessful_file_modification_open - - audit_rules_unsuccessful_file_modification_openat - - audit_rules_unsuccessful_file_modification_open_by_handle_at - - audit_rules_session_events_btmp - - audit_rules_unsuccessful_file_modification_renameat - - audit_rules_unsuccessful_file_modification_renameat2 - - audit_rules_unsuccessful_file_modification_rename - - audit_rules_unsuccessful_file_modification_truncate - - audit_rules_unsuccessful_file_modification_unlink - - audit_rules_unsuccessful_file_modification_unlinkat - - audit_rules_usergroup_modification_group - - audit_rules_usergroup_modification_gshadow - - audit_rules_usergroup_modification_opasswd - - audit_rules_usergroup_modification_passwd - - audit_rules_usergroup_modification_shadow - - audit_rules_var_spool_cron - - banner_etc_gdm_banner - - banner_etc_issue - - 
chronyd_or_ntpd_set_maxpoll - - clean_components_post_updating - - cracklib_accounts_password_pam_dcredit - - cracklib_accounts_password_pam_difok - - cracklib_accounts_password_pam_lcredit - - cracklib_accounts_password_pam_minlen - - cracklib_accounts_password_pam_ocredit - - cracklib_accounts_password_pam_retry - - cracklib_accounts_password_pam_ucredit - - dconf_db_up_to_date - - dconf_gnome_banner_enabled - - dconf_gnome_login_banner_text - - dconf_gnome_screensaver_idle_delay - - dconf_gnome_session_idle_user_locks - - dconf_gnome_screensaver_mode_blank - - dir_group_ownership_library_dirs - - dir_ownership_library_dirs - - dir_permissions_library_dirs - - dconf_gnome_screensaver_lock_enabled - - dir_perms_world_writable_sticky_bits - - dir_system_commands_group_root_owned - - dir_system_commands_root_owned - - dir_perms_world_writable_system_owned_group - - disable_ctrlaltdel_burstaction - - disable_ctrlaltdel_reboot - - disable_ctrlaltdel_reboot - - disallow_bypass_password_sudo - - enable_dconf_user_profile - - encrypt_partitions - - ensure_gpgcheck_globally_activated - - ensure_rtc_utc_configuration - - file_groupownership_home_directories - - file_groupownership_system_commands_dirs - - file_ownership_binary_dirs - - file_permissions_binary_dirs - - file_ownership_library_dirs - - file_permissions_home_directories - - file_permissions_library_dirs - - file_permissions_sshd_private_key - - file_permissions_sshd_pub_key - - file_permissions_system_commands_dirs - - file_permissions_ungroupowned - - file_permissions_local_var_log_messages - - file_permission_user_init_files - - gnome_gdm_disable_unattended_automatic_login - - grub2_password - - grub2_uefi_password - - gui_login_dod_acknowledgement - - installed_OS_is_vendor_supported - - install_smartcard_packages - - is_fips_mode_enabled - - kernel_module_usb-storage_disabled - - mount_option_home_nosuid - - mount_option_noexec_remote_filesystems - - mount_option_nosuid_remote_filesystems - - 
mount_option_nosuid_removable_partitions - - network_sniffer_disabled - - no_empty_passwords - - no_empty_passwords_etc_shadow - - no_files_unowned_by_user - - no_host_based_files - - no_shelllogin_for_systemaccounts - - no_user_host_based_files - - package_aide_installed - - package_audit-audispd-plugins_installed - - package_audit_installed - - package_mailx_installed - - package_pam_apparmor_installed - - package_telnet-server_removed - - package_firewalld_installed - - package_vsftpd_removed - - pam_disable_automatic_configuration - - partition_for_home - - partition_for_var - - partition_for_var_log_audit - - permissions_local_audit_binaries - - permissions_local_var_log_audit - - permissions_local_var_log - - postfix_client_configure_mail_alias - - rsyslog_remote_loghost - - root_permissions_syslibrary_files - - security_patches_up_to_date - - service_auditd_enabled - - service_autofs_disabled - - service_firewalld_enabled - - service_kdump_disabled - - service_sshd_enabled - - set_password_hashing_algorithm_logindefs - - set_password_hashing_algorithm_systemauth - - var_password_hashing_min_rounds_login_defs=100000 - - set_password_hashing_min_rounds_logindefs - - smartcard_configure_ca - - smartcard_configure_cert_checking - - smartcard_pam_enabled - - sshd_disable_empty_passwords - - sshd_disable_root_login - - sshd_disable_user_known_hosts - - sshd_disable_x11_forwarding - - sshd_do_not_permit_user_env - - sshd_enable_strictmodes - - sshd_enable_warning_banner - - sshd_print_last_log - - sshd_idle_timeout_value=10_minutes - - sshd_set_idle_timeout - - var_sshd_set_keepalive=1 - - sshd_set_keepalive - - sshd_set_loglevel_verbose - - sshd_use_approved_ciphers_ordered_stig - - sshd_use_approved_kex_ordered_stig - - sshd_use_approved_macs_ordered_stig - - sssd_memcache_timeout - - sssd_offline_cred_expiration - - sudo_remove_no_authenticate - - sudo_remove_nopasswd - - sudo_restrict_privilege_elevation_to_authorized - - sudo_require_authentication - - 
sudo_require_reauthentication - - sudoers_default_includedir - - sudoers_validate_passwd - - sysctl_kernel_dmesg_restrict - - sysctl_kernel_kptr_restrict - - sysctl_kernel_randomize_va_space - - sysctl_net_ipv4_conf_all_accept_redirects - - sysctl_net_ipv4_conf_all_accept_source_route - - sysctl_net_ipv4_conf_all_send_redirects - - sysctl_net_ipv4_conf_default_accept_redirects - - sysctl_net_ipv4_conf_default_accept_source_route - - sysctl_net_ipv4_conf_default_send_redirects - - sysctl_net_ipv4_ip_forward - - sysctl_net_ipv4_tcp_syncookies - - sysctl_net_ipv6_conf_all_forwarding - - sysctl_net_ipv6_conf_all_accept_redirects - - sysctl_net_ipv6_conf_all_accept_source_route - - sysctl_net_ipv6_conf_default_accept_redirects - - sysctl_net_ipv6_conf_default_accept_source_route - - sysctl_net_ipv6_conf_default_forwarding - - vlock_installed - - wireless_disable_interfaces + - stig_sle15:all
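Review bot: Replacing the explicit list with `- stig_sle15:all` drops every variable assignment the profile used to pin (for example `var_password_pam_minlen=15`, `var_accounts_tmout=10_min`, `sshd_idle_timeout_value=10_minutes`, `var_password_hashing_min_rounds_login_defs=100000`), and the part of the control file visible here lists only rule names under `rules:`. If the controls do not carry those values, the rules would be evaluated with their defaults, which may be weaker than the STIG settings, so each removed `var_*=` selection should either have a counterpart in the control file or stay in the profile. The old list also left `auditd_audispd_configure_remote_server` commented out because it needs `var_audispd_remote_server`; it is worth checking that the control file does not now enable it without that value. A one-line comment above the selection, such as `# rule and variable selections come from the stig_sle15 control file`, would tell readers where to look.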