Merge branch 'development' into SLES-12-010650

guangyee · Dec 10, 2020 · d98c1b5 · d98c1b5
2 parents bf69194 + 2272211
commit d98c1b5
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 2 deletions.
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/ansible/shared.yml
@@ -0,0 +1,22 @@
+# platform = multi_platform_sle
+# reboot = false
+# strategy = restrict
+# complexity = low
+# disruption = low
+- block:
+    - name: "Detect the .shosts files on the system"
+      find:
+          paths: /
+          recurse: yes
+          patterns: [".shosts"]
+          hidden: yes
+          file_type: "file"
+      check_mode: no
+      register: shosts_locations
+
+    - name: "Remove .shosts Files"
+      file:
+          path: "{{ item.path }}"
+          state: absent
+      with_items: "{{ shosts_locations.files }}"
+      when: shosts_locations is success
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -22,6 +22,7 @@ severity: high
 
 identifiers:
     cce@rhel7: CCE-80514-3
+    cce@sle12: CCE-83021-6
 
 references:
     stigid@ol7: OL07-00-040540

diff --git a/shared/macros-bash.jinja b/shared/macros-bash.jinja
@@ -115,6 +115,8 @@ if ! rpm -q --quiet "{{{ package }}}" ; then
 fi
 {{%- elif pkg_manager == "apt_get" -%}}
 apt-get install -y "{{{ package }}}"
+{{%- elif pkg_manager == "zypper" -%}}
+zypper install -y "{{{ package }}}"
 {{%- else -%}}
 {{{ die("Can't generate a remediation for " + pkg_manager) }}}
 {{%- endif -%}}
@@ -139,6 +141,8 @@ if rpm -q --quiet "{{{ package }}}" ; then
 fi
 {{%- elif pkg_manager == "apt_get" -%}}
 apt-get remove -y "{{{ package }}}"
+{{%- elif pkg_manager == "zypper" -%}}
+zypper remove -y "{{{ package }}}"
 {{%- else -%}}
 {{{ die("Can't generate a remediation for " + pkg_manager) }}}
 {{%- endif -%}}

diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = enable
 # complexity = low

diff --git a/sle12/profiles/stig.profile b/sle12/profiles/stig.profile
@@ -15,4 +15,5 @@ selections:
     - sshd_do_not_permit_user_env
     - sshd_enable_x11_forwarding
     - gnome_gdm_disable_automatic_login
-    - accounts_no_uid_except_zero
+    - accounts_no_uid_except_zero
+    - no_user_host_based_files