Merge pull request #10527 from rumch-se/drop_pam_rules_from_sle

Drop of unsupported rules from SLE 12/15 profiles

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2204
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204
 
 title: 'Lock Accounts After Failed Password Attempts'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 
 {{{ bash_pam_faillock_enable() }}}
 {{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}}

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
 
 title: 'Configure the root Account for Failed Password Attempts'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml

@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh

@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2204
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204
 
 title: 'Set Lockout Time for Failed Password Attempts'
 

products/sle12/profiles/anssi_bp28_enhanced.profile

@@ -23,3 +23,4 @@ description: |-
 
 selections:
     - anssi:all:enhanced
+

products/sle12/profiles/anssi_bp28_intermediary.profile

@@ -22,5 +22,4 @@ description: |-
     Manual review is required to assess if the installed services are minimal.
 
 selections:
-  - anssi:all:intermediary
-
+    - anssi:all:intermediary

products/sle12/profiles/anssi_bp28_minimal.profile

@@ -22,5 +22,4 @@ description: |-
     Manual review is required to assess if the installed services are minimal.
 
 selections:
-  - anssi:all:minimal
-
+    - anssi:all:minimal

products/sle12/profiles/pci-dss-4.profile

@@ -77,4 +77,3 @@ selections:
     -  sshd_use_approved_ciphers
     -  sshd_use_approved_macs
     -  sysctl_fs_suid_dumpable
-

products/sle12/profiles/pci-dss.profile

@@ -13,4 +13,3 @@ description: |-
 
 selections:
     - pcidss_3:all:base
-

products/sle15/profiles/anssi_bp28_intermediary.profile

@@ -22,4 +22,4 @@ description: |-
     Manual review is required to assess if the installed services are minimal.
 
 selections:
-  - anssi:all:intermediary
+    - anssi:all:intermediary

products/sle15/profiles/anssi_bp28_minimal.profile

@@ -22,5 +22,4 @@ description: |-
     Manual review is required to assess if the installed services are minimal.
 
 selections:
-  - anssi:all:minimal
-
+    - anssi:all:minimal

products/sle15/profiles/pci-dss-4.profile

@@ -13,6 +13,7 @@ description: |-
 
 selections:
     -  pcidss_4:all:base
-    -  '!service_ntp_enabled'
-    -  '!service_ntpd_enabled'
-    -  '!service_timesyncd_enabled'
+    # remove some rules from profile
+    - '!service_ntp_enabled'
+    - '!service_ntpd_enabled'
+    - '!service_timesyncd_enabled'