Blame SOURCES/scap-security-guide-0.1.55-sles12_stigs_2-PR_6561.patch

b5e178
From 0e28027e3094a219956bbd8d9f6ead1375b901fe Mon Sep 17 00:00:00 2001
b5e178
From: Guang Yee <guang.yee@suse.com>
b5e178
Date: Fri, 22 Jan 2021 12:20:03 -0800
b5e178
Subject: [PATCH] Enable checks and remediations for the following SLES-12
b5e178
 STIGs:
b5e178
b5e178
  - SLES-12-010510 'aide_scan_notification'
b5e178
  - SLES-12-010700 'file_permissions_ungroupowned'
b5e178
  - SLES-12-010710 'accounts_user_interactive_home_directory_defined'
b5e178
  - SLES-12-010730 'accounts_user_interactive_home_directory_exists'
b5e178
  - SLES-12-010740 'file_permissions_home_directories'
b5e178
  - SLES-12-010750 'file_groupownership_home_directories'
b5e178
  - SLES-12-010760 'file_permission_user_init_files'
b5e178
  - SLES-12-010770 'accounts_user_home_paths_only'
b5e178
  - SLES-12-010780 'accounts_user_dot_no_world_writable_programs'
b5e178
  - SLES-12-010790 'mount_option_home_nosuid'
b5e178
  - SLES-12-010800 'mount_option_nosuid_removable_partitions'
b5e178
  - SLES-12-010810 'mount_option_nosuid_remote_filesystems'
b5e178
  - SLES-12-010820 'mount_option_noexec_remote_filesystems'
b5e178
  - SLES-12-010830 'dir_perms_world_writable_system_owned_group'
b5e178
  - SLES-12-010840 'service_kdump_disabled'
b5e178
  - SLES-12-010880 'run_chkstat'
b5e178
  - SLES-12-020500 'audit_rules_unsuccessful_file_modification_truncate'
b5e178
  - SLES-12-020510 'audit_rules_unsuccessful_file_modification_ftruncate'
b5e178
  - SLES-12-020520 'audit_rules_unsuccessful_file_modification_creat'
b5e178
  - SLES-12-020530 'audit_rules_unsuccessful_file_modification_openat'
b5e178
  - SLES-12-020540 'audit_rules_unsuccessful_file_modification_open_by_handle_at'
b5e178
  - SLES-12-020590 'audit_rules_usergroup_modification_gshadow'
b5e178
  - SLES-12-020600 'audit_rules_dac_modification_chmod'
b5e178
  - SLES-12-020650 'audit_rules_login_events_tallylog'
b5e178
  - SLES-12-020660 'audit_rules_login_events_lastlog'
b5e178
  - SLES-12-020680 'audit_rules_privileged_commands_unix_chkpwd'
b5e178
  - SLES-12-020690 'audit_rules_privileged_commands_chage'
b5e178
  - SLES-12-030030 'kernel_module_dccp_disabled'
b5e178
  - SLES-12-030140 'sshd_disable_root_login'
b5e178
  - SLES-12-030180 'sshd_use_approved_macs'
b5e178
  - SLES-12-030380 'sysctl_net_ipv4_icmp_echo_ignore_broadcasts'
b5e178
  - SLES-12-030390 'sysctl_net_ipv4_conf_all_accept_redirects'
b5e178
  - SLES-12-030400 'sysctl_net_ipv4_conf_default_accept_redirects'
b5e178
  - SLES-12-030401 'sysctl_net_ipv6_conf_default_accept_source_route'
b5e178
  - SLES-12-030420 'sysctl_net_ipv4_conf_all_send_redirects'
b5e178
  - SLES-12-030430 'sysctl_net_ipv4_ip_forward'
b5e178
b5e178
Corrections:
b5e178
b5e178
  - Rule 'sysctl_net_ipv4_conf_default_send_redirects' was originally submitted
b5e178
    with an incorrect SLES12 STIG ID. The correct SLES12 STIG ID should
b5e178
    be 'SLES-12-030410'.
b5e178
---
b5e178
 .../base/service_kdump_disabled/rule.yml      |  1 +
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../sshd_disable_root_login/rule.yml          |  1 +
b5e178
 .../sshd_use_approved_macs/ansible/shared.yml |  2 +-
b5e178
 .../sshd_use_approved_macs/rule.yml           |  1 +
b5e178
 .../rule.yml                                  |  6 ++-
b5e178
 .../accounts_user_home_paths_only/rule.yml    |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../file_permission_user_init_files/rule.yml  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../audit_rules_login_events_lastlog/rule.yml |  2 +
b5e178
 .../rule.yml                                  |  2 +
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  5 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../rule.yml                                  |  2 +-
b5e178
 .../sysctl_net_ipv4_ip_forward/rule.yml       |  4 +-
b5e178
 .../kernel_module_dccp_disabled/rule.yml      |  4 +-
b5e178
 .../rule.yml                                  |  9 ++--
b5e178
 .../file_permissions_ungroupowned/rule.yml    |  4 +-
b5e178
 .../mount_option_home_nosuid/rule.yml         |  4 +-
b5e178
 .../rule.yml                                  |  4 +-
b5e178
 .../permissions/permissions_local/group.yml   | 12 +++++
b5e178
 .../permissions_local/run_chkstat/rule.yml    | 50 +++++++++++++++++++
b5e178
 .../aide_scan_notification/bash/shared.sh     | 13 ++++-
b5e178
 .../aide_scan_notification/oval/shared.xml    | 12 +++--
b5e178
 .../aide/aide_scan_notification/rule.yml      |  8 ++-
b5e178
 .../aide/package_aide_installed/rule.yml      |  2 +-
b5e178
 .../ansible.template                          |  2 +-
b5e178
 .../audit_rules_login_events/ansible.template |  2 +-
b5e178
 .../ansible.template                          |  2 +-
b5e178
 .../ansible.template                          |  2 +-
b5e178
 .../ansible.template                          |  2 +-
b5e178
 sle12/profiles/stig.profile                   | 39 +++++++++++++++
b5e178
 48 files changed, 229 insertions(+), 40 deletions(-)
b5e178
 create mode 100644 linux_os/guide/system/permissions/permissions_local/group.yml
b5e178
 create mode 100644 linux_os/guide/system/permissions/permissions_local/run_chkstat/rule.yml
b5e178
b5e178
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
b5e178
index 3737b264ce..ff9d439b4f 100644
b5e178
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
b5e178
+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
b5e178
@@ -22,6 +22,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80258-7
b5e178
     cce@rhel8: CCE-80878-2
b5e178
+    cce@sle12: CCE-83105-7
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-021300
b5e178
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
b5e178
index a4a8160aa9..d9c17fb416 100644
b5e178
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
b5e178
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Mount Remote Filesystems with noexec'
b5e178
 
b5e178
@@ -16,6 +16,7 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80436-9
b5e178
+    cce@sle12: CCE-83103-2
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-021021
b5e178
@@ -29,6 +30,7 @@ references:
b5e178
     cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
b5e178
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
b5e178
     cis-csc: 12,13,14,15,16,18,3,5
b5e178
+    stigid@sle12: SLES-12-010820
b5e178
 
b5e178
 ocil_clause: 'the setting does not show'
b5e178
 
b5e178
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
b5e178
index 7a40ea2b27..c14b0aeefb 100644
b5e178
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
b5e178
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Mount Remote Filesystems with nosuid'
b5e178
 
b5e178
@@ -14,6 +14,7 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80240-5
b5e178
+    cce@sle12: CCE-83102-4
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-021020
b5e178
@@ -27,6 +28,7 @@ references:
b5e178
     cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
b5e178
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
b5e178
     cis-csc: 12,13,14,15,16,18,3,5
b5e178
+    stigid@sle12: SLES-12-010810
b5e178
 
b5e178
 ocil_clause: 'the setting does not show'
b5e178
 
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
b5e178
index 74002ded9a..287954db61 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
b5e178
@@ -21,6 +21,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-27445-6
b5e178
     cce@rhel8: CCE-80901-2
b5e178
+    cce@sle12: CCE-83035-6
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040370
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml
b5e178
index 1a9b6990e9..2c5cf7e1c7 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/ansible/shared.yml
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = Red Hat Enterprise Linux 7,Oracle Linux 7
b5e178
+# platform = Red Hat Enterprise Linux 7,Oracle Linux 7,multi_platform_sle
b5e178
 # reboot = false
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
index 394c733f51..a0bc4578a6 100644
b5e178
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
b5e178
@@ -43,6 +43,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-27455-5
b5e178
     cce@rhel8: CCE-82198-3
b5e178
+    cce@sle12: CCE-83036-4
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040400
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
b5e178
index ad337e982c..77f3a12148 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'User Initialization Files Must Not Run World-Writable Programs'
b5e178
 
b5e178
@@ -20,17 +20,19 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80523-4
b5e178
+    cce@sle12: CCE-83099-2
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020730
b5e178
     disa: CCI-000366
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020730
b5e178
+    stigid@sle12: SLES-12-010780
b5e178
 
b5e178
 ocil_clause: 'files are executing world-writable programs'
b5e178
 
b5e178
 ocil: |-
b5e178
     To verify that local initialization files do not execute world-writable programs,
b5e178
     execute the following command:
b5e178
-    
$ sudo find /home -perm -002 -type f -exec ls -ld {} -name ".[^.]*" \;
b5e178
+    
$ sudo find /home -perm -002 -type f -name ".[^.]*" -exec ls -ld {} \;
b5e178
     There should be no output.
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
b5e178
index 9c9dd92fb0..0154c1d73b 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Ensure that Users Path Contains Only Local Directories'
b5e178
 
b5e178
@@ -24,12 +24,14 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80524-2
b5e178
+    cce@sle12: CCE-83098-4
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020720
b5e178
     disa: CCI-000366
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020720
b5e178
+    stigid@sle12: SLES-12-010770
b5e178
 
b5e178
 ocil_clause: 'paths contain more than local home directories'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
b5e178
index 6d6c28eb85..9ee21744b2 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'All Interactive Users Must Have A Home Directory Defined'
b5e178
 
b5e178
@@ -16,12 +16,14 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80528-3
b5e178
+    cce@sle12: CCE-83075-2
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020600
b5e178
     disa: CCI-000366
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020600
b5e178
+    stigid@sle12: SLES-12-010710
b5e178
 
b5e178
 ocil_clause: 'users home directory is not defined'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
b5e178
index 42dfdeabed..a262abba7a 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'All Interactive Users Home Directories Must Exist'
b5e178
 
b5e178
@@ -22,6 +22,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80529-1
b5e178
     cce@rhel8: CCE-83424-2
b5e178
+    cce@sle12: CCE-83074-5
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020620
b5e178
@@ -29,6 +30,7 @@ references:
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020620
b5e178
     cis@rhel8: 6.2.20
b5e178
+    stigid@sle12: SLES-12-010730
b5e178
 
b5e178
 ocil_clause: 'users home directory does not exist'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
index 0efb03da74..820a942220 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
b5e178
 
b5e178
@@ -21,6 +21,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80532-5
b5e178
     cce@rhel8: CCE-83434-1
b5e178
+    cce@sle12: CCE-83096-8
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020650
b5e178
@@ -28,6 +29,7 @@ references:
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020650
b5e178
     cis@rhel8: 6.2.8
b5e178
+    stigid@sle12: SLES-12-010750
b5e178
 
b5e178
 ocil_clause: 'the group ownership is incorrect'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
b5e178
index 6d719039a3..4810c941d6 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive'
b5e178
 
b5e178
@@ -18,12 +18,14 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80525-9
b5e178
+    cce@sle12: CCE-83097-6
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020710
b5e178
     disa: CCI-000366
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020710
b5e178
+    stigid@sle12: SLES-12-010760
b5e178
 
b5e178
 ocil_clause: 'they are not 0740 or more permissive'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
b5e178
index edb1b821d3..4898bfa6b6 100644
b5e178
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
b5e178
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive'
b5e178
 
b5e178
@@ -18,12 +18,14 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80530-9
b5e178
+    cce@sle12: CCE-83076-0
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020630
b5e178
     disa: CCI-000366
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-020630
b5e178
+    stigid@sle12: SLES-12-010740
b5e178
 
b5e178
 ocil_clause: 'they are more permissive'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
b5e178
index 5dc589b5fc..22031b6517 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
b5e178
@@ -30,6 +30,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-27339-1
b5e178
     cce@rhel8: CCE-80685-1
b5e178
     cce@rhcos4: CCE-82556-2
b5e178
+    cce@sle12: CCE-83106-5
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030410
b5e178
@@ -45,6 +46,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940
b5e178
     stigid@rhel7: RHEL-07-030410
b5e178
+    stigid@sle12: SLES-12-020600
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
b5e178
index cd550e7c0a..b5abef23d9 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
b5e178
@@ -36,6 +36,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80385-8
b5e178
     cce@rhel8: CCE-80751-1
b5e178
     cce@rhcos4: CCE-82621-4
b5e178
+    cce@sle12: CCE-83092-7
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030500
b5e178
@@ -50,6 +51,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000392-GPOS-00172
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000461-VMM-001830
b5e178
     stigid@rhel7: RHEL-07-030500
b5e178
+    stigid@sle12: SLES-12-020520
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
b5e178
index 9696633f7e..9ed6b36699 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
b5e178
@@ -39,6 +39,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80390-8
b5e178
     cce@rhel8: CCE-80752-9
b5e178
     cce@rhcos4: CCE-82629-7
b5e178
+    cce@sle12: CCE-83091-9
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030550
b5e178
@@ -53,6 +54,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000392-GPOS-00172
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000461-VMM-001830
b5e178
     stigid@rhel7: RHEL-07-030550
b5e178
+    stigid@sle12: SLES-12-020510
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
b5e178
index 08cd7a656c..28076744c3 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
b5e178
@@ -36,6 +36,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80388-2
b5e178
     cce@rhel8: CCE-80755-2
b5e178
     cce@rhcos4: CCE-82640-4
b5e178
+    cce@sle12: CCE-83094-3
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030530
b5e178
@@ -50,6 +51,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000392-GPOS-00172
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000461-VMM-001830
b5e178
     stigid@rhel7: RHEL-07-030530
b5e178
+    stigid@sle12: SLES-12-020540
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
b5e178
index 32501fd295..f1699ab14e 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
b5e178
@@ -39,6 +39,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80387-4
b5e178
     cce@rhel8: CCE-80754-5
b5e178
     cce@rhcos4: CCE-82634-7
b5e178
+    cce@sle12: CCE-83093-5
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030520
b5e178
@@ -53,6 +54,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000392-GPOS-00172
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000461-VMM-001830
b5e178
     stigid@rhel7: RHEL-07-030520
b5e178
+    stigid@sle12: SLES-12-020530
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
b5e178
index 037812a685..60d98c5803 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
b5e178
@@ -39,6 +39,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80389-0
b5e178
     cce@rhel8: CCE-80756-0
b5e178
     cce@rhcos4: CCE-82651-1
b5e178
+    cce@sle12: CCE-83085-1
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030540
b5e178
@@ -53,6 +54,7 @@ references:
b5e178
     srg: SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-OS-000392-GPOS-00172
b5e178
     vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000461-VMM-001830
b5e178
     stigid@rhel7: RHEL-07-030540
b5e178
+    stigid@sle12: SLES-12-020500
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
b5e178
index 7590cb2353..54e820c309 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
b5e178
@@ -28,6 +28,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80384-1
b5e178
     cce@rhel8: CCE-80719-8
b5e178
     cce@rhcos4: CCE-82584-4
b5e178
+    cce@sle12: CCE-83108-1
b5e178
 
b5e178
 references:
b5e178
     cis@rhel7: 4.1.8
b5e178
@@ -43,6 +44,7 @@ references:
b5e178
     srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218
b5e178
     vmmsrg: SRG-OS-000473-VMM-001930,SRG-OS-000470-VMM-001900
b5e178
     stigid@rhel7: RHEL-07-030620
b5e178
+    stigid@sle12: SLES-12-020660
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
b5e178
index 267cafb758..730b7d7201 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
b5e178
@@ -28,6 +28,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80994-7
b5e178
     cce@rhel8: CCE-80720-6
b5e178
     cce@rhcos4: CCE-82585-1
b5e178
+    cce@sle12: CCE-83107-3
b5e178
 
b5e178
 references:
b5e178
     cis: 5.2.8
b5e178
@@ -41,6 +42,7 @@ references:
b5e178
     srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218
b5e178
     vmmsrg: SRG-OS-000473-VMM-001930,SRG-OS-000470-VMM-001900
b5e178
     stigid@rhel7: RHEL-07-030600
b5e178
+    stigid@sle12: SLES-12-020650
b5e178
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
b5e178
index 9503765c88..0fcf3fb9f6 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage'
b5e178
 
b5e178
@@ -34,6 +34,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80398-1
b5e178
     cce@rhel8: CCE-80725-5
b5e178
     cce@rhcos4: CCE-82591-9
b5e178
+    cce@sle12: CCE-83110-7
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030660
b5e178
@@ -45,6 +46,7 @@ references:
b5e178
     srg: SRG-OS-000042-GPOS-00020,SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215
b5e178
     vmmsrg: SRG-OS-000471-VMM-001910
b5e178
     stigid@rhel7: RHEL-07-030660
b5e178
+    stigid@sle12: SLES-12-020690
b5e178
     isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9,SR 6.1,SR 6.2'
b5e178
     isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
b5e178
index 0171bd3758..b458ed6d8c 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd'
b5e178
 
b5e178
@@ -34,6 +34,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80396-5
b5e178
     cce@rhel8: CCE-80740-4
b5e178
     cce@rhcos4: CCE-82609-9
b5e178
+    cce@sle12: CCE-83109-9
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030640
b5e178
@@ -46,6 +47,7 @@ references:
b5e178
     srg: SRG-OS-000042-GPOS-00020,SRG-OS-000392-GPOS-00172,SRG-OS-000471-GPOS-00215
b5e178
     vmmsrg: SRG-OS-000471-VMM-001910
b5e178
     stigid@rhel7: RHEL-07-030640
b5e178
+    stigid@sle12: SLES-12-020680
b5e178
     isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.8,SR 2.9,SR 6.1,SR 6.2'
b5e178
     isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
b5e178
index 9ee6de4b51..0b5707f596 100644
b5e178
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
b5e178
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Record Events that Modify User/Group Information - /etc/gshadow'
b5e178
 
b5e178
@@ -31,6 +31,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80432-8
b5e178
     cce@rhel8: CCE-80759-4
b5e178
     cce@rhcos4: CCE-82655-2
b5e178
+    cce@sle12: CCE-83095-0
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-030872
b5e178
@@ -46,6 +47,7 @@ references:
b5e178
     srg: SRG-OS-000004-GPOS-00004
b5e178
     vmmsrg: SRG-OS-000004-VMM-000040,SRG-OS-000239-VMM-000810,SRG-OS-000240-VMM-000820,SRG-OS-000241-VMM-000830,SRG-OS-000274-VMM-000960,SRG-OS-000275-VMM-000970,SRG-OS-000276-VMM-000980,SRG-OS-000277-VMM-000990,SRG-OS-000303-VMM-001090,SRG-OS-000304-VMM-001100,SRG-OS-000476-VMM-001960
b5e178
     stigid@rhel7: RHEL-07-030872
b5e178
+    stigid@sle12: SLES-12-020590
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.2.2,4.3.3.3.9,4.3.3.5.1,4.3.3.5.2,4.3.3.5.8,4.3.3.6.6,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
b5e178
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
b5e178
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
b5e178
index 76aed7c565..af6be9505a 100644
b5e178
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4
b5e178
+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12
b5e178
 
b5e178
 title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default'
b5e178
 
b5e178
@@ -22,6 +22,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80355-1
b5e178
     cce@rhel8: CCE-81015-0
b5e178
     cce@rhcos4: CCE-82481-3
b5e178
+    cce@sle12: CCE-83087-7 
b5e178
 
b5e178
 references:
b5e178
     anssi: BP28(R22)
b5e178
@@ -35,6 +36,7 @@ references:
b5e178
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
b5e178
     cis-csc: 1,12,13,14,15,16,18,4,6,8,9
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
+    stigid@sle12: SLES-12-030401
b5e178
     cis@rhel8: 3.2.1
b5e178
 
b5e178
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_source_route", value="0") }}}
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
b5e178
index 5a529710db..361073e99c 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces'
b5e178
 
b5e178
@@ -21,6 +21,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80158-9
b5e178
     cce@rhel8: CCE-80917-8
b5e178
     cce@rhcos4: CCE-82469-8
b5e178
+    cce@sle12: CCE-83090-1 
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040641
b5e178
@@ -33,6 +34,7 @@ references:
b5e178
     nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040641
b5e178
+    stigid@sle12: SLES-12-030390 
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
b5e178
     cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
b5e178
index d3336d246f..ed4a024797 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12
b5e178
 
b5e178
 title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
b5e178
 
b5e178
@@ -20,6 +20,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80163-9
b5e178
     cce@rhel8: CCE-80919-4
b5e178
     cce@rhcos4: CCE-82470-6
b5e178
+    cce@sle12: CCE-83081-0 
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040640
b5e178
@@ -32,6 +33,8 @@ references:
b5e178
     nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040640
b5e178
+    stigid@sle12: SLES-12-030400 
b5e178
+
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.4,4.3.3.4,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.4.3.3
b5e178
     cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
b5e178
index a7f24853f6..ef659ec1c2 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
b5e178
 
b5e178
@@ -19,6 +19,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80165-4
b5e178
     cce@rhel8: CCE-80922-8
b5e178
     cce@rhcos4: CCE-82491-2
b5e178
+    cce@sle12: CCE-83080-2 
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040630
b5e178
@@ -30,6 +31,7 @@ references:
b5e178
     nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040630
b5e178
+    stigid@sle12: SLES-12-030380  
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.4,4.3.3.4,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.4.3.3
b5e178
     cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
b5e178
index d610f022fe..f49353c25c 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
b5e178
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
b5e178
 
b5e178
@@ -19,6 +19,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80156-3
b5e178
     cce@rhel8: CCE-80918-6
b5e178
     cce@rhcos4: CCE-82484-7
b5e178
+    cce@sle12: CCE-83089-3 
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040660
b5e178
@@ -31,6 +32,7 @@ references:
b5e178
     nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040660
b5e178
+    stigid@sle12: SLES-12-030420 
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.4,4.3.3.4,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.4.3.3
b5e178
     cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
b5e178
index 861c3485f3..d7d5bfe607 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
b5e178
@@ -32,7 +32,7 @@ references:
b5e178
     nist-csf: DE.AE-1,DE.CM-1,ID.AM-3,PR.AC-5,PR.DS-4,PR.DS-5,PR.IP-1,PR.PT-3,PR.PT-4
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040650
b5e178
-    stigid@sle12: SLES-12-030420 
b5e178
+    stigid@sle12: SLES-12-030410 
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.2.3.4,4.3.3.4,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.4.3.3
b5e178
     cobit5: APO01.06,APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS01.05,DSS03.01,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
b5e178
index 12d84a2604..b9f3d060d5 100644
b5e178
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4
b5e178
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4,sle12
b5e178
 
b5e178
 title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
b5e178
 
b5e178
@@ -17,6 +17,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80157-1
b5e178
     cce@rhel8: CCE-81024-2
b5e178
+    cce@sle12: CCE-83088-5 
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-040740
b5e178
@@ -28,6 +29,7 @@ references:
b5e178
     nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3,PR.PT-4
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-040740
b5e178
+    stigid@sle12: SLES-12-030430 
b5e178
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.2,SR 7.1,SR 7.2,SR 7.6'
b5e178
     isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
b5e178
     cobit5: APO13.01,BAI04.04,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07,DSS06.06
b5e178
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
b5e178
index ee7140be4b..d9db321b70 100644
b5e178
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
b5e178
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
b5e178
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Disable DCCP Support'
b5e178
 
b5e178
@@ -19,10 +19,12 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-82024-1
b5e178
     cce@rhel8: CCE-80833-7
b5e178
+    cce@sle12: CCE-83055-4  
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020101
b5e178
     stigid@rhel7: RHEL-07-020101
b5e178
+    stigid@sle12: SLES-12-030030
b5e178
     cis@rhel8: 3.3.1
b5e178
     cjis: 5.10.1
b5e178
     cui: 3.4.6
b5e178
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
b5e178
index 1e3c60b7e3..8578172a99 100644
b5e178
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
b5e178
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Ensure All World-Writable Directories Are Group Owned by a System Account'
b5e178
 
b5e178
@@ -22,14 +22,17 @@ severity: medium
b5e178
 
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-83923-3
b5e178
+    cce@sle12: CCE-83104-0
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-021030
b5e178
     disa: CCI-000366
b5e178
     nist: CM-6(a),AC-6(1)
b5e178
+    nist@sle12: CM-6(b)
b5e178
     nist-csf: PR.AC-4,PR.DS-5
b5e178
     srg: SRG-OS-000480-GPOS-00227
b5e178
     stigid@rhel7: RHEL-07-021030
b5e178
+    stigid@sle12: SLES-12-010830
b5e178
     isa-62443-2013: 'SR 2.1,SR 5.2'
b5e178
     isa-62443-2009: 4.3.3.7.3
b5e178
     cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
b5e178
@@ -41,5 +44,5 @@ ocil_clause: 'there is output'
b5e178
 ocil: |-
b5e178
     The following command will discover and print world-writable directories that
b5e178
     are not group owned by a system account, given the assumption that only system
b5e178
-    accounts have a gid lower than 500.  Run it once for each local partition PART:
b5e178
-    
$ sudo find PART -xdev -type d -perm -0002 -gid +499 -print
b5e178
+    accounts have a gid lower than {{{ auid }}}.  Run it once for each local partition PART:
b5e178
+    
$ sudo find PART -xdev -type d -perm -0002 -gid +{{{ auid - 1 }}} -print
b5e178
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
b5e178
index 68fd6821b8..79594c701f 100644
b5e178
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
b5e178
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
b5e178
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
b5e178
 
b5e178
 title: 'Ensure All Files Are Owned by a Group'
b5e178
 
b5e178
@@ -24,6 +24,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80135-7
b5e178
     cce@rhel8: CCE-83497-8
b5e178
+    cce@sle12: CCE-83073-7
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020330
b5e178
@@ -40,6 +41,7 @@ references:
b5e178
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
b5e178
     cis-csc: 1,11,12,13,14,15,16,18,3,5
b5e178
     cis@sle15: 6.1.12
b5e178
+    stigid@sle12: SLES-12-010700
b5e178
 
b5e178
 ocil_clause: 'there is output'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
b5e178
index dadd3fa3e9..3652cf9f2b 100644
b5e178
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
b5e178
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4,sle12
b5e178
 
b5e178
 title: 'Add nosuid Option to /home'
b5e178
 
b5e178
@@ -21,6 +21,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-81153-9
b5e178
     cce@rhel8: CCE-81050-7
b5e178
+    cce@sle12: CCE-83100-8
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-021000
b5e178
@@ -36,6 +37,7 @@ references:
b5e178
     cis-csc: 11,13,14,3,8,9
b5e178
     anssi: BP28(R12)
b5e178
     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
b5e178
+    stigid@sle12: SLES-12-010790
b5e178
 
b5e178
 platform: machine
b5e178
 
b5e178
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
b5e178
index e507bb4465..5f19864ded 100644
b5e178
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
b5e178
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4,ubuntu1804
b5e178
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804
b5e178
 
b5e178
 title: 'Add nosuid Option to Removable Media Partitions'
b5e178
 
b5e178
@@ -23,6 +23,7 @@ identifiers:
b5e178
     cce@rhel7: CCE-80148-0
b5e178
     cce@rhel8: CCE-82744-4
b5e178
     cce@rhcos4: CCE-82745-1
b5e178
+    cce@sle12: CCE-83101-6
b5e178
 
b5e178
 references:
b5e178
     cis@rhel8: 1.1.19
b5e178
@@ -39,6 +40,7 @@ references:
b5e178
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.11.2.6,A.11.2.9,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.1,A.8.2.2,A.8.2.3,A.8.3.1,A.8.3.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
b5e178
     cis-csc: 11,12,13,14,15,16,18,3,5,8,9
b5e178
     cis@sle15: 1.1.21
b5e178
+    stigid@sle12: SLES-12-010800
b5e178
 
b5e178
 platform: machine
b5e178
 
b5e178
diff --git a/linux_os/guide/system/permissions/permissions_local/group.yml b/linux_os/guide/system/permissions/permissions_local/group.yml
b5e178
new file mode 100644
b5e178
index 0000000000..6e13c74f51
b5e178
--- /dev/null
b5e178
+++ b/linux_os/guide/system/permissions/permissions_local/group.yml
b5e178
@@ -0,0 +1,12 @@
b5e178
+documentation_complete: true
b5e178
+
b5e178
+title: |-
b5e178
+    Verify Permissions on Important Files and
b5e178
+    Directories Are Configured in /etc/permissions.local
b5e178
+
b5e178
+description: |-
b5e178
+    Permissions for many files on a system must be set
b5e178
+    restrictively to ensure sensitive information is properly protected.
b5e178
+    This section discusses the <tt>/etc/permissions.local</tt> file, where
b5e178
+    expected permissions can be configured to be checked and fixed through
b5e178
+    usage of the <tt>chkstat</tt> command.
b5e178
diff --git a/linux_os/guide/system/permissions/permissions_local/run_chkstat/rule.yml b/linux_os/guide/system/permissions/permissions_local/run_chkstat/rule.yml
b5e178
new file mode 100644
b5e178
index 0000000000..8c28313067
b5e178
--- /dev/null
b5e178
+++ b/linux_os/guide/system/permissions/permissions_local/run_chkstat/rule.yml
b5e178
@@ -0,0 +1,50 @@
b5e178
+documentation_complete: true
b5e178
+
b5e178
+prodtype: sle12
b5e178
+
b5e178
+title: 'OS commands and libraries must have the proper permissions to protect from unauthorized access'
b5e178
+
b5e178
+description: |-
b5e178
+    Verify that the SUSE operating system prevents unauthorized users from
b5e178
+    accessing system command and library files.
b5e178
+
b5e178
+    Check that all of the audit information files and folders have the correct
b5e178
+    permissions with the following command:
b5e178
+    
# sudo chkstat --warn --system
b5e178
+
b5e178
+    Set the correct permissions with the following command:
b5e178
+
b5e178
+    
# sudo chkstat --set --system
b5e178
+
b5e178
+rationale: |-
b5e178
+    If the SUSE operating system were to allow any user to make changes to
b5e178
+    software libraries, those changes might be implemented without undergoing
b5e178
+    the appropriate testing and approvals that are part of a robust change
b5e178
+    management process.
b5e178
+
b5e178
+    This requirement applies to SUSE operating systems with software libraries
b5e178
+    that are accessible and configurable, as in the case of interpreted
b5e178
+    languages. Software libraries also include privileged programs that execute
b5e178
+    with escalated privileges. Only qualified and authorized individuals must
b5e178
+    be allowed to obtain access to information system components to initiate
b5e178
+    changes, including upgrades and modifications.
b5e178
+
b5e178
+severity: medium
b5e178
+
b5e178
+identifiers:
b5e178
+    cce@sle12: CCE-83111-5
b5e178
+
b5e178
+references:
b5e178
+    disa@sle12: CCI-001499
b5e178
+    nist@sle12: CM-5(6)
b5e178
+    srg@sle12: SRG-OS-000259-GPOS-00100
b5e178
+    stigid@sle12: SLES-12-010880
b5e178
+
b5e178
+ocil: |-
b5e178
+    Check that all of the audit information files and folders have the correct
b5e178
+    permissions with the following command:
b5e178
+    
# sudo chkstat --warn --system
b5e178
+
b5e178
+    If you get any warnings, set the correct permissions with the following command:
b5e178
+
b5e178
+    
# sudo chkstat --set --system
b5e178
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
b5e178
index 9b2e235311..fbe9ddbb3e 100644
b5e178
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
b5e178
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
b5e178
@@ -1,15 +1,24 @@
b5e178
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol
b5e178
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
b5e178
 
b5e178
 {{{ bash_package_install("aide") }}}
b5e178
 
b5e178
 CRONTAB=/etc/crontab
b5e178
 CRONDIRS='/etc/cron.d /etc/cron.daily /etc/cron.weekly /etc/cron.monthly'
b5e178
 
b5e178
+# NOTE: on some platforms, /etc/crontab may not exist
b5e178
+if [ -f /etc/crontab ]; then
b5e178
+	CRONTAB_EXIST=/etc/crontab
b5e178
+fi
b5e178
+
b5e178
 if [ -f /var/spool/cron/root ]; then
b5e178
 	VARSPOOL=/var/spool/cron/root
b5e178
 fi
b5e178
 
b5e178
-if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB $VARSPOOL $CRONDIRS; then
b5e178
+if ! grep -qR '^.*\/usr\/sbin\/aide\s*\-\-check.*|.*\/bin\/mail\s*-s\s*".*"\s*root@.*$' $CRONTAB_EXIST $VARSPOOL $CRONDIRS; then
b5e178
+{{% if product == "sle12" %}}
b5e178
+	echo '0 5 * * * root /usr/bin/aide  --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost' >> $CRONTAB
b5e178
+{{% else %}}
b5e178
 	echo '0 5 * * * root /usr/sbin/aide  --check | /bin/mail -s "$(hostname) - AIDE Integrity Check" root@localhost' >> $CRONTAB
b5e178
+{{% endif %}}
b5e178
 fi
b5e178
 
b5e178
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/oval/shared.xml
b5e178
index d6d9f2542e..7f557bd6a3 100644
b5e178
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/oval/shared.xml
b5e178
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/oval/shared.xml
b5e178
@@ -1,3 +1,9 @@
b5e178
+{{% if product in ["sle12", "sle15"] %}} 
b5e178
+{{% set aide_bin_path = "/usr/bin/aide" %}} 
b5e178
+{{% else %}} 
b5e178
+{{% set aide_bin_path = "/usr/sbin/aide" %}} 
b5e178
+{{% endif %}} 
b5e178
+
b5e178
 <def-group>
b5e178
   <definition class="compliance" id="aide_scan_notification" version="1">
b5e178
     {{{ oval_metadata("AIDE should notify appropriate personnel of the details
b5e178
@@ -17,7 +23,7 @@
b5e178
   </ind:textfilecontent54_test>
b5e178
   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_test_aide_scan_notification" version="1">
b5e178
     <ind:filepath>/etc/crontab</ind:filepath>
b5e178
-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
+    <ind:pattern operation="pattern match">^.*{{{ aide_bin_path }}}[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
b5e178
   </ind:textfilecontent54_object>
b5e178
 
b5e178
@@ -26,7 +32,7 @@
b5e178
   </ind:textfilecontent54_test>
b5e178
   <ind:textfilecontent54_object comment="notify personnel when aide completes" id="object_aide_var_cron_notification" version="1">
b5e178
     <ind:filepath>/var/spool/cron/root</ind:filepath>
b5e178
-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
+    <ind:pattern operation="pattern match">^.*{{{ aide_bin_path }}}[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
b5e178
   </ind:textfilecontent54_object>
b5e178
 
b5e178
@@ -36,7 +42,7 @@
b5e178
   <ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="object_aide_crontabs_notification" version="1">
b5e178
     <ind:path operation="pattern match">^/etc/cron.(d|daily|weekly|monthly)$</ind:path>
b5e178
     <ind:filename operation="pattern match">^.*$</ind:filename>
b5e178
-    <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
+    <ind:pattern operation="pattern match">^.*{{{ aide_bin_path }}}[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
b5e178
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
b5e178
   </ind:textfilecontent54_object>
b5e178
    
b5e178
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
b5e178
index 3ed6a7bb37..cc696141f6 100644
b5e178
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
b5e178
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
b5e178
@@ -1,6 +1,6 @@
b5e178
 documentation_complete: true
b5e178
 
b5e178
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
b5e178
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
b5e178
 
b5e178
 title: 'Configure Notification of Post-AIDE Scan Details'
b5e178
 
b5e178
@@ -30,6 +30,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-80374-2
b5e178
     cce@rhel8: CCE-82891-3
b5e178
+    cce@sle12: CCE-83048-9
b5e178
 
b5e178
 references:
b5e178
     stigid@ol7: OL07-00-020040
b5e178
@@ -44,6 +45,11 @@ references:
b5e178
     cobit5: BAI01.06,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.05,DSS05.07
b5e178
     iso27001-2013: A.12.1.2,A.12.4.1,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.14.2.7,A.15.2.1
b5e178
     cis-csc: 1,11,12,13,15,16,2,3,5,7,8,9
b5e178
+    disa@sle12: CCI-002702 
b5e178
+    nist@sle12: SI-6d
b5e178
+    stigid@sle12: SLES-12-010510
b5e178
+    srg@sle12: SRG-OS-000447-GPOS-00201
b5e178
+    disa@sle12:  CCI-002702 
b5e178
 
b5e178
 ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details'
b5e178
 
b5e178
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
b5e178
index 23e939bbec..abf13a274a 100644
b5e178
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
b5e178
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
b5e178
@@ -14,7 +14,7 @@ severity: medium
b5e178
 identifiers:
b5e178
     cce@rhel7: CCE-27096-7
b5e178
     cce@rhel8: CCE-80844-4
b5e178
-    cce@sle12: CCE-83048-9
b5e178
+    cce@sle12: CCE-83067-9
b5e178
 
b5e178
 references:
b5e178
     cis@rhel8: 1.4.1
b5e178
diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
b5e178
index 49e4258cd2..70101ca777 100644
b5e178
--- a/shared/templates/audit_rules_dac_modification/ansible.template
b5e178
+++ b/shared/templates/audit_rules_dac_modification/ansible.template
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
b5e178
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
b5e178
 # reboot = true
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template
b5e178
index e36d4b3371..4b32771c3f 100644
b5e178
--- a/shared/templates/audit_rules_login_events/ansible.template
b5e178
+++ b/shared/templates/audit_rules_login_events/ansible.template
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
b5e178
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
b5e178
 # reboot = true
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template
b5e178
index a992b47960..1c5a8b6b2a 100644
b5e178
--- a/shared/templates/audit_rules_privileged_commands/ansible.template
b5e178
+++ b/shared/templates/audit_rules_privileged_commands/ansible.template
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
b5e178
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
b5e178
 # reboot = false
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
b5e178
index 3737145add..8e8e003a5b 100644
b5e178
--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
b5e178
+++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
b5e178
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
b5e178
 # reboot = true
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template
b5e178
index 2fab63ae44..ea9738ecb2 100644
b5e178
--- a/shared/templates/audit_rules_usergroup_modification/ansible.template
b5e178
+++ b/shared/templates/audit_rules_usergroup_modification/ansible.template
b5e178
@@ -1,4 +1,4 @@
b5e178
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
b5e178
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
b5e178
 # reboot = true
b5e178
 # strategy = restrict
b5e178
 # complexity = low
b5e178
diff --git a/sle12/profiles/stig.profile b/sle12/profiles/stig.profile
b5e178
index 15c4f70336..4c8b361226 100644
b5e178
--- a/sle12/profiles/stig.profile
b5e178
+++ b/sle12/profiles/stig.profile
b5e178
@@ -7,7 +7,9 @@ description: |-
b5e178
     DISA STIG for SUSE Linux Enterprise 12 V1R2.
b5e178
 
b5e178
 selections:
b5e178
+    - sshd_approved_macs=stig
b5e178
     - var_accounts_fail_delay=4
b5e178
+    - var_removable_partition=dev_cdrom
b5e178
     - account_disable_post_pw_expiration
b5e178
     - account_temp_expire_date
b5e178
     - accounts_have_homedir_login_defs
b5e178
@@ -19,6 +21,22 @@ selections:
b5e178
     - accounts_password_set_max_life_existing
b5e178
     - accounts_password_set_min_life_existing
b5e178
     - accounts_umask_etc_login_defs
b5e178
+    - accounts_user_dot_no_world_writable_programs
b5e178
+    - accounts_user_home_paths_only
b5e178
+    - accounts_user_interactive_home_directory_defined
b5e178
+    - accounts_user_interactive_home_directory_exists
b5e178
+    - aide_scan_notification
b5e178
+    - audit_rules_dac_modification_chmod
b5e178
+    - audit_rules_login_events_lastlog
b5e178
+    - audit_rules_login_events_tallylog
b5e178
+    - audit_rules_privileged_commands_chage
b5e178
+    - audit_rules_privileged_commands_unix_chkpwd
b5e178
+    - audit_rules_unsuccessful_file_modification_creat
b5e178
+    - audit_rules_unsuccessful_file_modification_ftruncate
b5e178
+    - audit_rules_unsuccessful_file_modification_open_by_handle_at
b5e178
+    - audit_rules_unsuccessful_file_modification_openat
b5e178
+    - audit_rules_unsuccessful_file_modification_truncate
b5e178
+    - audit_rules_usergroup_modification_gshadow
b5e178
     - auditd_audispd_encrypt_sent_records
b5e178
     - auditd_data_disk_full_action
b5e178
     - auditd_data_retention_action_mail_acct
b5e178
@@ -26,17 +44,27 @@ selections:
b5e178
     - banner_etc_issue
b5e178
     - banner_etc_motd
b5e178
     - dir_perms_world_writable_sticky_bits
b5e178
+    - dir_perms_world_writable_system_owned_group
b5e178
     - disable_ctrlaltdel_reboot
b5e178
     - encrypt_partitions
b5e178
     - ensure_gpgcheck_globally_activated
b5e178
+    - file_groupownership_home_directories
b5e178
+    - file_permission_user_init_files
b5e178
+    - file_permissions_home_directories
b5e178
     - file_permissions_sshd_private_key
b5e178
     - file_permissions_sshd_pub_key
b5e178
+    - file_permissions_ungroupowned
b5e178
     - ftp_present_banner
b5e178
     - gnome_gdm_disable_automatic_login
b5e178
     - grub2_password
b5e178
     - grub2_uefi_password
b5e178
     - installed_OS_is_vendor_supported
b5e178
+    - kernel_module_dccp_disabled
b5e178
     - kernel_module_usb-storage_disabled
b5e178
+    - mount_option_home_nosuid
b5e178
+    - mount_option_noexec_remote_filesystems
b5e178
+    - mount_option_nosuid_remote_filesystems
b5e178
+    - mount_option_nosuid_removable_partitions
b5e178
     - no_empty_passwords
b5e178
     - no_files_unowned_by_user
b5e178
     - no_host_based_files
b5e178
@@ -47,11 +75,14 @@ selections:
b5e178
     - package_audit_installed
b5e178
     - package_telnet-server_removed
b5e178
     - postfix_client_configure_mail_alias
b5e178
+    - run_chkstat
b5e178
     - security_patches_up_to_date
b5e178
     - service_auditd_enabled
b5e178
+    - service_kdump_disabled
b5e178
     - set_password_hashing_algorithm_logindefs
b5e178
     - sshd_disable_compression
b5e178
     - sshd_disable_empty_passwords
b5e178
+    - sshd_disable_root_login
b5e178
     - sshd_disable_user_known_hosts
b5e178
     - sshd_do_not_permit_user_env
b5e178
     - sshd_enable_strictmodes
b5e178
@@ -61,10 +92,18 @@ selections:
b5e178
     - sshd_set_idle_timeout
b5e178
     - sshd_set_keepalive
b5e178
     - sshd_set_loglevel_verbose
b5e178
+    - sshd_use_approved_macs
b5e178
     - sshd_use_priv_separation
b5e178
     - sudo_remove_no_authenticate
b5e178
     - sudo_remove_nopasswd
b5e178
+    - sysctl_net_ipv4_conf_all_accept_redirects
b5e178
     - sysctl_net_ipv4_conf_all_accept_source_route
b5e178
+    - sysctl_net_ipv4_conf_all_send_redirects
b5e178
+    - sysctl_net_ipv4_conf_default_accept_redirects
b5e178
     - sysctl_net_ipv4_conf_default_accept_source_route
b5e178
     - sysctl_net_ipv4_conf_default_send_redirects
b5e178
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
b5e178
+    - sysctl_net_ipv4_ip_forward
b5e178
     - sysctl_net_ipv6_conf_all_accept_source_route
b5e178
+    - sysctl_net_ipv6_conf_default_accept_source_route
b5e178
+