Merge pull request #12335 from rumch-se/pam_options_template_rules_update_slem

teacup-on-rockingchair · web-flow · commit 8df17e53d170 · 2024-09-03T15:05:47.000+03:00
Updated rules based on template pam_options to support SLE Micro
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -1060,29 +1060,33 @@ controls:
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one uppercase character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_ucredit
+      status: automated
     
     - id: SLEM-05-611015
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one lowercase character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_lcredit
+      status: automated
     
     - id: SLEM-05-611020
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one numeric character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_dcredit
+      status: automated
     
     - id: SLEM-05-611025
       levels:
           - medium
       title: SLEM 5 must enforce passwords that contain at least one special character.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_ocredit
+      status: automated
     
     - id: SLEM-05-611030
       levels:
@@ -1097,17 +1101,19 @@ controls:
       levels:
           - medium
       title: SLEM 5 must employ passwords with a minimum of 15 characters.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_minlen
+      status: automated
     
     - id: SLEM-05-611040
       levels:
           - medium
       title:
           SLEM 5 must require the change of at least eight of the total number of characters
           when passwords are changed.
-      rules: []
-      status: pending
+      rules: 
+          - cracklib_accounts_password_pam_difok
+      status: automated
     
     - id: SLEM-05-611045
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -20,6 +20,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83168-5
     cce@sle15: CCE-85564-3
+    cce@slmicro5: CCE-93764-9
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_difok/rule.yml
@@ -24,6 +24,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83170-1
     cce@sle15: CCE-85677-3
+    cce@slmicro5: CCE-93765-6
 
 references:
     disa: CCI-000195
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
    cce@sle12: CCE-83167-7
    cce@sle15: CCE-85676-5
+   cce@slmicro5: CCE-93763-1
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -19,6 +19,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83188-3
     cce@sle15: CCE-85573-4
+    cce@slmicro5: CCE-93766-4
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83169-3
     cce@sle15: CCE-85574-2
+    cce@slmicro5: CCE-93767-2
 
 references:
     cis@sle12: 5.3.1
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
@@ -21,6 +21,7 @@ severity: medium
 identifiers:
     cce@sle12: CCE-83166-9
     cce@sle15: CCE-85675-7
+    cce@slmicro5: CCE-93762-3
 
 references:
     cis@sle12: 5.3.1
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -14,12 +14,6 @@ CCE-93722-7
 CCE-93726-8
 CCE-93743-3
 CCE-93757-3
-CCE-93762-3
-CCE-93763-1
-CCE-93764-9
-CCE-93765-6
-CCE-93766-4
-CCE-93767-2
 CCE-93777-1
 CCE-93783-9
 CCE-93789-6
