Enable checks and remediations for the following SLES-12 STIGs:

- SLES-12-010890 'file_permissions_var_log_messages' - SLES-12-010910 'pam_disable_automatic_configuration' - SLES-12-020020 'auditd_audispd_configure_sufficiently_large_partition' - SLES-12-020100 'auditd_audispd_network_failure_action' - SLES-12-020110 'auditd_audispd_disk_full_action' - SLES-12-020120 'permissions_local_var_log_audit' - SLES-12-020130 'permissions_local_audit_binaries' - SLES-12-020199 'audit_rules_enable_syscall_auditing' - SLES-12-020200 'audit_rules_usergroup_modification_passwd' - SLES-12-020210 'audit_rules_usergroup_modification_group' - SLES-12-020220 'audit_rules_usergroup_modification_shadow' - SLES-12-020230 'audit_rules_usergroup_modification_opasswd' - SLES-12-020250 'audit_rules_privileged_commands_su' - SLES-12-020260 'audit_rules_privileged_commands_sudo' - SLES-12-020290 'audit_rules_privileged_commands_mount' - SLES-12-020300 'audit_rules_privileged_commands_umount' - SLES-12-020370 'audit_rules_dac_modification_setxattr' - SLES-12-020380 'audit_rules_dac_modification_fsetxattr' - SLES-12-020390 'audit_rules_dac_modification_removexattr' - SLES-12-020400 'audit_rules_dac_modification_lremovexattr' - SLES-12-020410 'audit_rules_dac_modification_fremovexattr' - SLES-12-020430 'audit_rules_dac_modification_fchown' - SLES-12-020440 'audit_rules_dac_modification_lchown' - SLES-12-020450 'audit_rules_dac_modification_fchownat' - SLES-12-020460 'audit_rules_dac_modification_chown' - SLES-12-020470 'audit_rules_dac_modification_fchmod' - SLES-12-020480 'audit_rules_dac_modification_fchmodat' - SLES-12-020490 'audit_rules_unsuccessful_file_modification_open' - SLES-12-020710 'audit_rules_privileged_commands_crontab' - SLES-12-020720 'audit_rules_privileged_commands_pam_timestamp_check' - SLES-12-020730 'audit_rules_kernel_module_loading_delete' - SLES-12-020740 'audit_rules_kernel_module_loading_finit' - SLES-12-020750 'audit_rules_kernel_module_loading_init' - SLES-12-030300 'chronyd_or_ntpd_set_maxpoll' Corrections: - The STIG ID for audit_rules_dac_modification_chmod was incorrect. It should've been SLES-12-020460 instead of SLES-12-020600. - The STIG ID for sshd_do_not_permit_user_env was incorrect. It should've been SLES-12-030151 instead of SLES-12-030150.
ComplianceAsCode · Feb 4, 2021 · a050df5 · a050df5
1 parent ee010d6
commit a050df5
Show file tree

Hide file tree

Showing 51 changed files with 766 additions and 20 deletions.
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml
@@ -0,0 +1,49 @@
+# platform = multi_platform_sle
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+
+{{{ ansible_instantiate_variables('var_time_service_set_maxpoll') }}}
+
+- name: Check that /etc/ntp.conf exist
+  stat:
+    path: /etc/ntp.conf
+  register: ntp_conf_exist_result
+
+- name: Check that /etc/chrony.conf exist
+  stat:
+    path: /etc/chrony.conf
+  register: chrony_conf_exist_result
+
+- name: Update the maxpoll values in /etc/ntp.conf
+  lineinfile:
+    path: /etc/ntp.conf
+    regex: '^(server.*maxpoll) [0-9]+(\s+.*)$'
+    line: '\1 {{ var_time_service_set_maxpoll }}\2'
+    backrefs: yes
+  when: ntp_conf_exist_result.stat.exists
+
+- name: Update the maxpoll values in /etc/chrony.conf
+  lineinfile:
+    path: /etc/chrony.conf
+    regex: '^(server.*maxpoll) [0-9]+(\s+.*)$'
+    line: '\1 {{ var_time_service_set_maxpoll }}\2'
+    backrefs: yes
+  when: chrony_conf_exist_result.stat.exists
+
+- name: Set the maxpoll values in /etc/ntp.conf
+  lineinfile:
+    path: /etc/ntp.conf
+    regex: '(^server\s+((?!maxpoll).)*)$'
+    line: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n'
+    backrefs: yes
+  when: ntp_conf_exist_result.stat.exists
+
+- name: Set the maxpoll values in /etc/chrony.conf
+  lineinfile:
+    path: /etc/chrony.conf
+    regex: '(^server\s+((?!maxpoll).)*)$'
+    line: '\1 maxpoll {{ var_time_service_set_maxpoll }}\n'
+    backrefs: yes
+  when: chrony_conf_exist_result.stat.exists
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
 
 title: 'Configure Time Service Maxpoll Interval'
 
@@ -26,6 +26,7 @@ platform: machine  # The check uses service_... extended definition, which doesn
 identifiers:
     cce@rhel7: CCE-80439-3
     cce@rhcos4: CCE-82684-2
+    cce@sle12: CCE-83124-8
 
 references:
     stigid@ol7: OL07-00-040500
@@ -39,6 +40,8 @@ references:
     cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01
     iso27001-2013: A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1
     cis-csc: 1,14,15,16,3,5,6
+    stigid@sle12: SLES-12-030300
+    nist@sle12: AU-8(1)(a),AU-8(1)(b)
 
 ocil_clause: 'it does not exist or maxpoll has not been set to the expected value'
 

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -33,7 +33,7 @@ references:
     srg: SRG-OS-000480-GPOS-00229
     vmmsrg: SRG-OS-000480-VMM-002000
     stigid@rhel7: RHEL-07-010460
-    stigid@sle12: SLES-12-030150
+    stigid@sle12: SLES-12-030151
     isa-62443-2013: 'SR 7.6'
     isa-62443-2009: 4.3.4.3.2,4.3.4.3.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05

diff --git a/...guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/ansible/shared.yml b/...guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/ansible/shared.yml
@@ -0,0 +1,19 @@
+# platform = multi_platform_sle
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+
+- name: Find soft links /etc/pam.d/
+  find:
+    paths: /etc/pam.d
+    file_type: link
+    patterns: common-.*
+    use_regex: yes
+  register: find_pam_soft_links_result
+
+- name: Remove soft links in /etc/pam.d/
+  shell: |
+    target=$(readlink -f "{{ item.path }}")
+    cp -p --remove-destination "$target" "{{ item.path }}"
+  with_items: "{{ find_pam_soft_links_result.files }}"
diff --git a/..._os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/bash/shared.sh b/..._os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/bash/shared.sh
@@ -0,0 +1,6 @@
+# platform = multi_platform_sle
+
+for link in $(find /etc/pam.d/ -type l -iname "common-*") ; do
+    target=$(readlink -f "$link")
+    cp -p --remove-destination "$target" "$link"
+done
diff --git a/...os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/oval/shared.xml b/...os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/oval/shared.xml
@@ -0,0 +1,29 @@
+<def-group>
+  <definition class="compliance" id="pam_disable_automatic_configuration" version="1">
+    <metadata>
+      <title>The PAM configuration should not be changed automatically</title>
+      <affected family="unix">
+        <platform>multi_platform_sle</platform>
+      </affected>
+      <description>Verify the SUSE operating system is configured to not overwrite Pluggable
+    Authentication Modules (PAM) configuration on package changes.</description>
+    </metadata>
+    <criteria>
+        <criterion comment="/etc/pam.d/common-* are not symbolic links" test_ref="test_pam_disable_automatic_configuration" />
+    </criteria>
+  </definition>
+
+  <unix:file_test check="all" check_existence="all_exist" comment="/etc/pam.d/common-* are not symbolic links" id="test_pam_disable_automatic_configuration" version="1">
+    <unix:object object_ref="obj_pam_disable_automatic_configuration" />
+    <unix:state state_ref="state_pam_disable_automatic_configuration_no_symlink" />
+  </unix:file_test>
+
+  <unix:file_object comment="/etc/pam.d/common-* files" id="obj_pam_disable_automatic_configuration" version="1">
+    <unix:path operation="equals">/etc/pam.d</unix:path>
+    <unix:filename operation="pattern match">^common-.*$</unix:filename>
+  </unix:file_object>
+
+  <unix:file_state id="state_pam_disable_automatic_configuration_no_symlink" version="1">
+    <unix:type>regular</unix:type>
+  </unix:file_state>
+</def-group>
diff --git a/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml b/linux_os/guide/system/accounts/accounts-pam/pam_disable_automatic_configuration/rule.yml
@@ -0,0 +1,37 @@
+documentation_complete: true
+
+prodtype: sle12
+
+title: 'The PAM configuration should not be changed automatically'
+
+description: |-
+    Verify the SUSE operating system is configured to not overwrite Pluggable
+    Authentication Modules (PAM) configuration on package changes.
+
+
+rationale: |-
+    <tt>pam-config</tt> is a command line utility that automatically generates
+    a system PAM configuration as packages are installed, updated or removed
+    from the system. <tt>pam-config</tt> removes configurations for PAM modules
+    and parameters that it does not know about. It may render ineffective PAM
+    configuration by the system administrator and thus impact system security.
+
+severity: medium
+
+identifiers:
+    cce@sle12: CCE-83113-1
+
+references:
+    stigid@sle12: SLES-12-010910
+    disa@sle12: CCI-000366
+    srg@sle12: SRG-OS-000480-GPOS-00227
+    nist@sle12: CM-6(b),CM-6.1(iv)
+
+ocil_clause: 'that is not the case'
+
+ocil: |-
+    Check that soft links between PAM configuration files are removed with the following command:
+
+    <pre># find /etc/pam.d/ -type l -iname "common-*"</pre>
+
+    If any results are returned, this is a finding.
diff --git a/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -46,7 +46,7 @@ references:
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030410
-    stigid@sle12: SLES-12-020600
+    stigid@sle12: SLES-12-020460
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/...ting/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27364-9
     cce@rhel8: CCE-80686-9
     cce@rhcos4: CCE-82557-0
+    cce@sle12: CCE-83137-0
 
 references:
     stigid@ol7: OL07-00-030370
@@ -43,8 +44,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030370
+    stigid@sle12: SLES-12-020420
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27393-8
     cce@rhel8: CCE-80687-7
     cce@rhcos4: CCE-82558-8
+    cce@sle12: CCE-83133-9
 
 references:
     stigid@ol7: OL07-00-030420
@@ -45,6 +46,7 @@ references:
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030420
+    stigid@sle12: SLES-12-020470
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27388-8
     cce@rhel8: CCE-80688-5
     cce@rhcos4: CCE-82559-6
+    cce@sle12: CCE-83132-1
 
 references:
     stigid@ol7: OL07-00-030430
@@ -45,6 +46,7 @@ references:
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030430
+    stigid@sle12: SLES-12-020480
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -33,6 +33,7 @@ identifiers:
     cce@rhel7: CCE-27356-5
     cce@rhel8: CCE-80689-3
     cce@rhcos4: CCE-82560-4
+    cce@sle12: CCE-83136-2
 
 references:
     stigid@ol7: OL07-00-030380
@@ -46,8 +47,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030380
+    stigid@sle12: SLES-12-020430
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27387-0
     cce@rhel8: CCE-80690-1
     cce@rhcos4: CCE-82561-2
+    cce@sle12: CCE-83134-7
 
 references:
     stigid@ol7: OL07-00-030400
@@ -43,8 +44,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030400
+    stigid@sle12: SLES-12-020450
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -35,6 +35,7 @@ identifiers:
     cce@rhel7: CCE-27353-2
     cce@rhel8: CCE-80691-9
     cce@rhcos4: CCE-82562-0
+    cce@sle12: CCE-83138-8
 
 references:
     stigid@ol7: OL07-00-030480
@@ -48,8 +49,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030480
+    stigid@sle12: SLES-12-020410
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/.../auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/.../auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27389-6
     cce@rhel8: CCE-80692-7
     cce@rhcos4: CCE-82563-8
+    cce@sle12: CCE-83141-2
 
 references:
     stigid@ol7: OL07-00-030450
@@ -43,8 +44,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030450
+    stigid@sle12: SLES-12-020380
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/...ing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27083-5
     cce@rhel8: CCE-80693-5
     cce@rhcos4: CCE-82564-6
+    cce@sle12: CCE-83135-4
 
 references:
     stigid@ol7: OL07-00-030390
@@ -43,8 +44,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030390
+    stigid@sle12: SLES-12-020440
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/...ditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -35,6 +35,7 @@ identifiers:
     cce@rhel7: CCE-27410-0
     cce@rhel8: CCE-80694-3
     cce@rhcos4: CCE-82565-3
+    cce@sle12: CCE-83139-6
 
 references:
     stigid@ol7: OL07-00-030490
@@ -48,8 +49,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030490
+    stigid@sle12: SLES-12-020400
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...uditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/...uditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -34,6 +34,7 @@ identifiers:
     cce@rhel7: CCE-27367-2
     cce@rhel8: CCE-80696-8
     cce@rhcos4: CCE-82567-9
+    cce@sle12: CCE-83140-4
 
 references:
     stigid@ol7: OL07-00-030470
@@ -47,8 +48,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030470
+    stigid@sle12: SLES-12-020390
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

diff --git a/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/...g/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel7: CCE-27213-8
     cce@rhel8: CCE-80697-6
     cce@rhcos4: CCE-82568-7
+    cce@sle12: CCE-83142-0
 
 references:
     stigid@ol7: OL07-00-030440
@@ -43,8 +44,10 @@ references:
     ospp: FAU_GEN.1.1.c
     pcidss: Req-10.5.5
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
+    srg@sle12: SRG-OS-000037-GPOS-00015
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
     stigid@rhel7: RHEL-07-030440
+    stigid@sle12: SLES-12-020370
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01