Add rules for SLES-12-010140 STIG

guangyee · Dec 10, 2020 · 10e5e9b · 10e5e9b
1 parent 2272211
commit 10e5e9b
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 3 deletions.
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle
 # disruption = low
 # strategy = restrict
 # complexity = low

diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
@@ -15,6 +15,7 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-80352-8
+    cce@sle12: CCE-83028-1
 
 references:
     stigid@ol7: OL07-00-010430
@@ -23,6 +24,7 @@ references:
     nist-csf: PR.IP-1
     srg: SRG-OS-000480-GPOS-00226
     stigid@rhel7: RHEL-07-010430
+    stigid@sle12: SLES-12-010140
     isa-62443-2013: 'SR 7.6'
     isa-62443-2009: 4.3.4.3.2,4.3.4.3.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05

diff --git a/shared/checks/oval/installed_env_has_login_defs.xml b/shared/checks/oval/installed_env_has_login_defs.xml
@@ -17,11 +17,15 @@
 {{% if pkg_system == "rpm" %}}
   <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
   id="test_env_has_login_defs_installed" version="1"
+  {{% if product == "sle12" %}}
+  comment="system has package shadow installed, which provides the /etc/login.defs file.">
+  {{% else %}}
   comment="system has package shadow-utils installed, which provides the /etc/login.defs file.">
+  {{% endif %}}
     <linux:object object_ref="obj_env_has_login_defs_installed" />
   </linux:rpminfo_test>
   <linux:rpminfo_object id="obj_env_has_login_defs_installed" version="1">
-    <linux:name>shadow-utils</linux:name>
+    <linux:name>{{% if product == "sle12" %}}shadow{{% else %}}shadow-utils{{% endif %}}</linux:name>
   </linux:rpminfo_object>
 {{% elif pkg_system == "dpkg" %}}
   <linux:dpkginfo_test check="all" check_existence="all_exist"

diff --git a/sle12/product.yml b/sle12/product.yml
@@ -21,3 +21,6 @@ cpes:
       name: "cpe:/o:suse:linux_enterprise_desktop:12"
       title: "SUSE Linux Enterprise Desktop 12"
       check_id: installed_OS_is_sle12
+
+platform_package_overrides:
+  login_defs: "shadow"
diff --git a/sle12/profiles/stig.profile b/sle12/profiles/stig.profile
@@ -7,6 +7,7 @@ description: |-
     DISA STIG for SUSE Linux Enterprise 12 V1R2.
 
 selections:
+    - var_accounts_fail_delay=4
     - installed_OS_is_vendor_supported
     - security_patches_up_to_date
     - sudo_remove_nopasswd
@@ -15,4 +16,5 @@ selections:
     - sshd_do_not_permit_user_env
     - sshd_enable_x11_forwarding
     - gnome_gdm_disable_automatic_login
-    - no_user_host_based_files
+    - no_user_host_based_files
+    - accounts_logon_fail_delay