From aad66f0f5ce5f6c071be87d25a107e8c7810a4de Mon Sep 17 00:00:00 2001
From: rchikov
Date: Wed, 10 May 2023 15:34:57 +0200
Subject: [PATCH 1/2] Fixes of cron package/service for SLE 12/15

---
 controls/cis_sle12.yml | 4 ++--
 controls/cis_sle15.yml | 2 +-
 controls/pcidss_4.yml | 1 +
 .../package_cron_installed/rule.yml | 21 ++++++++++++++++++-
 .../service_crond_enabled/rule.yml | 6 +-----
 products/sle12/profiles/pci-dss-4.profile | 1 +
 products/sle15/profiles/hipaa.profile | 2 +-
 7 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/controls/cis_sle12.yml b/controls/cis_sle12.yml
index 694fd064eb1..7f4bab02176 100644
--- a/controls/cis_sle12.yml
+++ b/controls/cis_sle12.yml
@@ -1424,9 +1424,9 @@ controls:
 - l1_workstation
 status: automated
 rules:
+ - package_cron_installed
 - service_cron_enabled
- - service_crond_enabled
-
+
 - id: 5.1.2
 title: Ensure permissions on /etc/crontab are configured (Automated)
 levels:
diff --git a/controls/cis_sle15.yml b/controls/cis_sle15.yml
index 86244e08099..5916c449f6c 100644
--- a/controls/cis_sle15.yml
+++ b/controls/cis_sle15.yml
@@ -1608,8 +1608,8 @@ controls:
 - l1_workstation
 status: automated
 rules:
+ - package_cron_installed
 - service_cron_enabled
- - service_crond_enabled

 - id: 5.1.2
 title: Ensure permissions on /etc/crontab are configured (Automated)
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index 9ea4a56eb97..ab2443c85b7 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -356,6 +356,7 @@ controls:
 - file_owner_cron_allow
 - file_owner_grub2_cfg
 - no_files_unowned_by_user
+ - package_cron_installed
 - service_cron_enabled
 - sshd_disable_empty_passwords
 - sshd_disable_rhosts
diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
index cc6f7001f88..c6ec0cc95a7 100644
--- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
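Review bot: In controls/cis_sle12.yml the empty separator line before `- id: 5.1.2` is removed and re-added as what appears to be a whitespace-only line (the `-`/`+` pair with no content), which would leave trailing spaces in the control file. The matching hunk in controls/cis_sle15.yml keeps that separator as unchanged context, and patch 2/2 cleans extra spaces only in package_cron_installed/rule.yml. The separator here should stay a truly empty line so the hunk reduces to the two rule-list changes.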
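Review bot: `package_cron_installed` is added to controls/pcidss_4.yml, whose name is not tied to a product, while the rule's template in this same patch defaults to `pkgname: cron` and overrides it to `cronie` only for sle12 and sle15. If any other product builds a profile from this control file, the generated check and remediation would target a package named `cron`, which may not be what that product ships. Confirm which products consume pcidss_4 and add the matching `pkgname@PRODUCT` overrides (PRODUCT is a placeholder) or scope the selection. The control's `rules:` list starts and ends outside this hunk.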
+++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
@@ -1,3 +1,9 @@
+{{% if product in ["sle12", "sle15"] %}}
+{{% set package_name = "cronie" %}}
+{{% else %}}
+{{% set package_name = "cron" %}}
+{{% endif %}}
+
 documentation_complete: true

 title: 'Install the cron service'
@@ -8,11 +14,17 @@ rationale: 'The cron service allow periodic job execution, needed for almost all

 severity: medium

+identifiers:
+ cce@sle12: CCE-92263-3
+ cce@sle15: CCE-91379-8
+
 references:
 anssi: BP28(R50)
 cis-csc: 11,14,3,9
+ cis@sle12: 5.1.1
+ cis@sle15: 5.1.1
 cis@ubuntu2004: 5.1.1
- cis@ubuntu2204: 5.1.1
+ cis@ubuntu2204: 5.1.1
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
@@ -20,7 +32,14 @@ references:
 nist: CM-6(a)
 nist-csf: PR.IP-1,PR.PT-3

+ocil_clause: 'the package is installed'
+
+ocil: |-
+ {{{ ocil_package(package_name) }}}
+
 template:
 name: package_installed
 vars:
 pkgname: cron
+ pkgname@sle12: cronie
+ pkgname@sle15: cronie
diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
index ec390e36ce9..4bd153ba0c1 100644
--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
+++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true

-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4

 title: 'Enable cron Service'
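Review bot: The SLE package name is now defined twice in package_cron_installed/rule.yml. The Jinja `package_name` block added at the top of the file feeds the OCIL text, and `pkgname@sle12`/`pkgname@sle15` under `template.vars` in the last hunk of the file feed the generated check and remediation. Nothing ties the two together, so adding a product to one and not the other would leave the manual audit instructions naming a different package than the automated check tests. I would add a comment above the `{{% if product in ... %}}` line such as `# keep in sync with the pkgname@ overrides under template.vars`, or derive one value from the other if the build permits it. The rule's `description` lies outside the hunks, so check that it does not still tell SLE users to install `cron`.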
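Review bot: `CCE-92263-3` and `CCE-91379-8` are added in the `@@ -8,11 +14,17 @@` hunk as the sle12/sle15 identifiers of package_cron_installed, and the same two values are deleted from service_crond_enabled/rule.yml (title 'Enable cron Service') in its `@@ -20,8 +20,6 @@` hunk. Scan results, waivers or reports keyed on those IDs would silently change meaning from "service enabled" to "package installed". Unless the CCE assignments were always meant to describe the package, I would allocate fresh CCEs for this rule and state in the commit message what happens to the old ones, for example whether they belong on service_cron_enabled.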
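Review bot: Dropping `sle12,sle15` from `prodtype` in service_crond_enabled/rule.yml makes the rule unavailable to both products, but this patch removes the selection only from controls/cis_sle12.yml and controls/cis_sle15.yml. Any other SLE profile or shared control file that still selects the rule is not visible here. Depending on how the build treats an unavailable rule, that is either a build failure or a check that quietly disappears from the profile. A repository-wide search for `service_crond_enabled` under the SLE products and shared controls before merging would settle it, and the commit message could say that `service_cron_enabled` is the SLE replacement.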
@@ -20,8 +20,6 @@ identifiers:
 cce@rhel7: CCE-27323-5
 cce@rhel8: CCE-80875-8
 cce@rhel9: CCE-84163-5
- cce@sle12: CCE-92263-3
- cce@sle15: CCE-91379-8

 references:
 cis-csc: 11,14,3,9
@@ -30,8 +28,6 @@ references:
 cis@rhel7: 5.1.1
 cis@rhel8: 5.1.1
 cis@rhel9: 5.1.1
- cis@sle12: 5.1.1
- cis@sle15: 5.1.1
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
 hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
diff --git a/products/sle12/profiles/pci-dss-4.profile b/products/sle12/profiles/pci-dss-4.profile
index 481caa75166..b82b949685c 100644
--- a/products/sle12/profiles/pci-dss-4.profile
+++ b/products/sle12/profiles/pci-dss-4.profile
@@ -51,6 +51,7 @@ selections:
 - group_unique_name
 - no_files_unowned_by_user
 - package_bind_removed
+ - package_cron_installed
 - package_dhcp_removed
 - package_httpd_removed
 - package_net-snmp_removed
diff --git a/products/sle15/profiles/hipaa.profile b/products/sle15/profiles/hipaa.profile
index 50e6def51cf..a7b280d90ca 100644
--- a/products/sle15/profiles/hipaa.profile
+++ b/products/sle15/profiles/hipaa.profile
@@ -144,6 +144,7 @@ selections:
 - ensure_gpgcheck_local_packages
 - grub2_disable_interactive_boot
 - libreswan_approved_tunnels
+ - package_cron_installed
 - package_rsh-server_removed
 - package_talk-server_removed
 - sebool_selinuxuser_execheap
@@ -157,4 +158,3 @@ selections:
 - service_xinetd_disabled
 - service_zebra_disabled
 - use_kerberos_security_all_exports
-
From 980c7cb94ad1480f02afdb39ebfcc86739ac39ea Mon Sep 17 00:00:00 2001
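Review bot: `package_cron_installed` is selected in products/sle15/profiles/hipaa.profile, yet the `references:` lines visible in that rule's hunks carry no `hipaa:` entry. By contrast, service_crond_enabled (context of its `@@ -30,8 +28,6 @@` hunk) cites `164.308(a)(4)(i)` and others. Without a citation the generated guide cannot show which HIPAA safeguard this selection is meant to satisfy. If the package rule backs the same requirements, add a matching `hipaa:` reference to package_cron_installed/rule.yml. One line of that rule's references falls between its hunks, so confirm the entry is not already there.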
From: rchikov
Date: Fri, 26 May 2023 08:08:35 +0200
Subject: [PATCH 2/2] Removal of extra spaces

---
 .../services/cron_and_at/package_cron_installed/rule.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
index c6ec0cc95a7..a8e4956b8a4 100644
--- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
+++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
@@ -22,9 +22,9 @@ references:
 anssi: BP28(R50)
 cis-csc: 11,14,3,9
 cis@sle12: 5.1.1
- cis@sle15: 5.1.1
+ cis@sle15: 5.1.1
 cis@ubuntu2004: 5.1.1
- cis@ubuntu2204: 5.1.1
+ cis@ubuntu2204: 5.1.1
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
 isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
 isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'