SLES-15-020101 add rule and tests, no remediation.

[brett060102]

Description:

• SLES-15-020101 add rule and tests, no remediation.

Rationale:

• Add SLE-15 specific stigs

[openshift-ci-robot]

Hi @brett060102. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openscap-ci]

Changes identified:
Rules:
 sudo_restrict_privilege_elevation_to_authorized
Profiles:
 stig on sle15

Show details

Rule sudo_restrict_privilege_elevation_to_authorized:
 OVAL check is newly added.
Profile stig on sle15:
 Rule sudo_restrict_privilege_elevation_to_authorized added to stig profile.

Recommended tests to execute:
 build_product sle15
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using bash --datastream build/ssg-sle15-ds.xml sudo_restrict_privilege_elevation_to_authorized
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-sle15-ds.xml stig

[ggbecker]

It would be good if jinja macros from macros-oval.jinja could be leveraged, but it's not that easy to find the right ones and maybe they don't apply straightforward. You could at least create a jinja macro to handle both criteria similar as it's done in: dconf_db_up_to_date

[ggbecker]

LGTM now. Thanks for addressing the requests