Merge pull request #12506 from svet-se/slmicro5-stig-add-rule-securit…

…y-patches-up-to-date Add rule security_patches_up_to_date to SLE Micro 5 STIG profile
ComplianceAsCode · Oct 22, 2024 · 9844a54 · 9844a54
2 parents 8fbc00f + d0b9f94
commit 9844a54
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 6 deletions.
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
@@ -106,8 +106,9 @@ controls:
       title:
           Vendor-packaged SLEM 5 security patches and updates must be installed and
           up to date.
-      rules: []
-      status: pending
+      rules:
+          - security_patches_up_to_date
+      status: automated
 
     - id: SLEM-05-214015
       levels:

diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # reboot = true
 # strategy = patch
 # complexity = low

diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_sle,multi_platform_slmicro
 # reboot = true
 # strategy = patch
 # complexity = low

diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -16,7 +16,7 @@ description: |-
     <pre>$ sudo yum update</pre>
     If the system is not configured to use one of these sources, updates (in the form of RPM packages)
     can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
-{{% elif product in ["sle12", "sle15"] %}}
+{{% elif product in ["sle12", "sle15", "slmicro5"] %}}
     If the system is configured for online updates, invoking the following command will list available
     security updates:
     <pre>$ sudo zypper refresh &amp;&amp; sudo zypper list-patches -g security</pre>
@@ -42,6 +42,7 @@ identifiers:
     cce@rhel9: CCE-84185-8
     cce@sle12: CCE-83002-6
     cce@sle15: CCE-83261-8
+    cce@slmicro5: CCE-93804-3
 
 references:
     cis-csc: 18,20,4

diff --git a/products/slmicro5/product.yml b/products/slmicro5/product.yml
@@ -14,6 +14,7 @@ init_system: "systemd"
 pkg_manager: "zypper"
 pkg_manager_config_file: "/etc/zypp/zypp.conf"
 
+oval_feed_url: "https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.micro.5-patch.xml.bz2"
 
 aide_bin_path: "/usr/bin/aide"
 

diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
@@ -13,7 +13,6 @@ CCE-93743-3
 CCE-93757-3
 CCE-93777-1
 CCE-93783-9
-CCE-93804-3
 CCE-93805-0
 CCE-93806-8
 CCE-93807-6