diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml index 2fdc9a2f22e1..5b54ab892461 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index 317ed5aad013..7c6cb7a2d063 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -28,6 +28,7 @@ identifiers: cce@rhel7: CCE-27433-2 cce@rhel8: CCE-80906-1 cce@rhcos4: CCE-82549-7 + cce@sle12: CCE-83027-3 references: stigid@ol7: OL07-00-040320 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml index a85f9fc6fa6f..bed135a4d987 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index e90c09ae1ae6..d8ccd9e08655 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml @@ -27,6 +27,7 @@ severity: medium identifiers: cce@rhel7: CCE-27051-2 cce@rhel8: CCE-80647-1 + cce@sle12: CCE-83050-5 references: stigid@ol7: OL07-00-010250 @@ -39,6 +40,7 @@ references: pcidss: Req-8.2.4 srg: SRG-OS-000076-GPOS-00044 stigid@rhel7: RHEL-07-010250 + stigid@sle12: SLES-12-010280 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1' isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml index e394f26d7a98..0c81c0ee5bb1 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml index 8f14e9ad4384..0b6f87837864 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml @@ -26,6 +26,7 @@ severity: medium identifiers: cce@rhel7: CCE-82036-5 cce@rhel8: CCE-80648-9 + cce@sle12: CCE-83049-7 references: stigid@ol7: OL07-00-010230 @@ -36,6 +37,7 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 srg: SRG-OS-000075-GPOS-00043 stigid@rhel7: RHEL-07-010230 + stigid@sle12: SLES-12-010270 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1' isa-62443-2009: 4.3.3.2.2,4.3.3.5.1,4.3.3.5.2,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.2,4.3.3.7.4 cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 diff --git a/sle12/profiles/stig.profile b/sle12/profiles/stig.profile index d3f375b63a0f..a2fddbb7fcba 100644 --- a/sle12/profiles/stig.profile +++ b/sle12/profiles/stig.profile @@ -14,6 +14,7 @@ selections: - sudo_remove_no_authenticate - sshd_disable_empty_passwords - sshd_do_not_permit_user_env + - sshd_set_idle_timeout - disable_ctrlaltdel_reboot - sshd_enable_x11_forwarding - gnome_gdm_disable_automatic_login @@ -30,3 +31,5 @@ selections: - auditd_data_retention_action_mail_acct - set_password_hashing_algorithm_logindefs - account_disable_post_pw_expiration + - accounts_maximum_age_login_defs + - accounts_minimum_age_login_defs