Feature suse 15.1

linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8
+prodtype: rhel6,rhel7,rhel8,sle15
 
 title: 'Uninstall httpd Package'
 

linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel6,rhel7,rhel8
+prodtype: rhel6,rhel7,rhel8,sle15
 
 title: 'Disable httpd Service'
 

linux_os/guide/services/ssh/package_openssh_installed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: opensuse,sle11,sle12
+prodtype: opensuse,sle11,sle12,sle15
 
 title: 'Install the OpenSSH Client and Server Package'
 

linux_os/guide/services/ssh/service_sshd_enabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhv4,sle12,wrlinux1019
+prodtype: rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Enable the OpenSSH Service'
 

linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
 
 title: 'Record Successful Permission Changes to Files - chmod'
 

linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/oval/shared.xml

@@ -7,6 +7,7 @@
         <platform>multi_platform_fedora</platform>
         <platform>multi_platform_ol</platform>
         <platform>multi_platform_rhel</platform>
+        <platform>multi_platform_sle</platform>
       </affected>
       <description>The audit rules should be configured to log information about kernel module loading and unloading.</description>
     </metadata>

linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
 
 title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module'
 
@@ -47,4 +47,3 @@ references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 
 {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
-

linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
 
 title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module'
 
@@ -47,4 +47,3 @@ references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
 
 {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
-

linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ocp4,ol7,ol8,rhel7,rhel8
+prodtype: ocp4,ol7,ol8,rhel7,rhel8,sle15
 
 title: 'Install firewalld Package'
 

sle15/CMakeLists.txt

@@ -3,4 +3,9 @@ if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
     message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the developer_guide.adoc for more details!")
 endif()
 
+set(PRODUCT "sle15")
 ssg_build_product("sle15")
+
+ssg_build_html_nistrefs_table(${PRODUCT} "standard")
+
+ssg_build_html_cce_table(${PRODUCT})

sle15/cpe/sle15-cpe-dictionary.xml

@@ -67,9 +67,4 @@
             <!-- the check references an OVAL file that contains an inventory definition -->
             <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_systemd_package</check>
       </cpe-item>
-      <cpe-item name="cpe:/a:yum">
-            <title xml:lang="en-us">Package yum is installed</title>
-            <!-- the check references an OVAL file that contains an inventory definition -->
-            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_env_has_yum_package</check>
-      </cpe-item>
 </cpe-list>

sle15/profiles/standard.profile

@@ -27,18 +27,11 @@ selections:
     - service_cron_enabled
     - service_ntp_enabled
     - service_rsyslog_enabled
-    - sshd_idle_timeout_value=5_minutes
-    - sshd_set_idle_timeout
-    - sshd_disable_root_login
-    - sshd_disable_empty_passwords
-    - sshd_allow_only_protocol2
-    - sshd_set_keepalive
     - file_owner_logfiles_value=adm
     - rsyslog_files_ownership
     - file_groupowner_logfiles_value=adm
     - rsyslog_files_groupownership
     - rsyslog_files_permissions
-    - "!rsyslog_remote_loghost"
     - ensure_logrotate_activated
     - file_permissions_systemmap
     - file_permissions_etc_shadow
@@ -83,7 +76,7 @@ selections:
     - accounts_tmout
     - display_login_attempts
     - inactivity_timeout_value=15_minutes
-    - var_password_pam_minlen=15
+    - var_password_pam_minlen=8
     - accounts_password_pam_minlen
     - accounts_password_minlen_login_defs
     - var_password_pam_ocredit=1
@@ -105,3 +98,47 @@ selections:
     - accounts_passwords_pam_faillock_deny
     - accounts_passwords_pam_faillock_interval
     - accounts_passwords_pam_faillock_unlock_time
+    - service_httpd_disabled
+    - package_httpd_removed
+    - package_firewalld_installed
+    - package_openssh_installed
+    - service_sshd_enabled
+    - sshd_enable_x11_forwarding
+    - sshd_allow_only_protocol2
+    - sshd_idle_timeout_value=5_minutes
+    - sshd_set_idle_timeout
+    - sshd_disable_root_login
+    - sshd_disable_empty_passwords
+    - sshd_set_keepalive
+    - audit_rules_time_adjtimex
+    - audit_rules_time_settimeofday
+    - audit_rules_time_stime
+    - audit_rules_time_clock_settime
+    - audit_rules_time_watch_localtime
+    - audit_rules_usergroup_modification
+    - audit_rules_networkconfig_modification
+    - audit_rules_mac_modification
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_unsuccessful_file_modification
+    - audit_rules_privileged_commands
+    - audit_rules_media_export
+    - audit_rules_file_deletion_events
+    - audit_rules_sysadmin_actions
+    - audit_rules_kernel_module_loading_finit
+    - audit_rules_kernel_module_loading_init
+    - audit_rules_successful_file_modification_chmod
+    - audit_rules_file_deletion_events_rmdir
+    - audit_rules_file_deletion_events_unlink
+    - audit_rules_file_deletion_events_unlinkat

ssg/constants.py

@@ -103,6 +103,7 @@
 PKG_MANAGER_TO_CONFIG_FILE = {
     "yum": "/etc/yum.conf",
     "dnf": "/etc/dnf/dnf.conf",
+    "zypper": "/etc/zypp/zypper.conf",
 }
 
 FULL_NAME_TO_PRODUCT_MAPPING = {
@@ -263,6 +264,7 @@
     ],
     "sle15": [
         "cpe:/o:suse:linux_enterprise_server:15",
+        "cpe:/o:suse:linux_enterprise_desktop:15",
     ],
     "ubuntu1404": [
         "cpe:/o:canonical:ubuntu_linux:14.04",