Skip to content

Commit

Permalink
Fixes of cron package/service for SLE 12/15
Browse files Browse the repository at this point in the history
  • Loading branch information
@rumch-se
rumch-se committed May 10, 2023
1 parent f257ecc commit aad66f0
Show file tree
Hide file tree
Showing 7 changed files with 27 additions and 10 deletions.
4 changes: 2 additions & 2 deletions controls/cis_sle12.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1424,9 +1424,9 @@ controls:
- l1_workstation
status: automated
rules:
- package_cron_installed
- service_cron_enabled
- service_crond_enabled


- id: 5.1.2
title: Ensure permissions on /etc/crontab are configured (Automated)
levels:
Expand Down
2 changes: 1 addition & 1 deletion controls/cis_sle15.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1608,8 +1608,8 @@ controls:
- l1_workstation
status: automated
rules:
- package_cron_installed
- service_cron_enabled
- service_crond_enabled

- id: 5.1.2
title: Ensure permissions on /etc/crontab are configured (Automated)
Expand Down
1 change: 1 addition & 0 deletions controls/pcidss_4.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -356,6 +356,7 @@ controls:
- file_owner_cron_allow
- file_owner_grub2_cfg
- no_files_unowned_by_user
- package_cron_installed
- service_cron_enabled
- sshd_disable_empty_passwords
- sshd_disable_rhosts
Expand Down
21 changes: 20 additions & 1 deletion linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
{{% if product in ["sle12", "sle15"] %}}
{{% set package_name = "cronie" %}}
{{% else %}}
{{% set package_name = "cron" %}}
{{% endif %}}

documentation_complete: true

title: 'Install the cron service'
Expand All @@ -8,19 +14,32 @@ rationale: 'The cron service allow periodic job execution, needed for almost all

severity: medium

identifiers:
cce@sle12: CCE-92263-3
cce@sle15: CCE-91379-8

references:
anssi: BP28(R50)
cis-csc: 11,14,3,9
cis@sle12: 5.1.1
cis@sle15: 5.1.1
cis@ubuntu2004: 5.1.1
cis@ubuntu2204: 5.1.1
cis@ubuntu2204: 5.1.1
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
nist: CM-6(a)
nist-csf: PR.IP-1,PR.PT-3

ocil_clause: 'the package is installed'

ocil: |-
{{{ ocil_package(package_name) }}}
template:
name: package_installed
vars:
pkgname: cron
pkgname@sle12: cronie
pkgname@sle15: cronie
6 changes: 1 addition & 5 deletions linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
documentation_complete: true

prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4

title: 'Enable cron Service'

Expand All @@ -20,8 +20,6 @@ identifiers:
cce@rhel7: CCE-27323-5
cce@rhel8: CCE-80875-8
cce@rhel9: CCE-84163-5
cce@sle12: CCE-92263-3
cce@sle15: CCE-91379-8

references:
cis-csc: 11,14,3,9
Expand All @@ -30,8 +28,6 @@ references:
cis@rhel7: 5.1.1
cis@rhel8: 5.1.1
cis@rhel9: 5.1.1
cis@sle12: 5.1.1
cis@sle15: 5.1.1
cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
hipaa: 164.308(a)(4)(i),164.308(b)(1),164.308(b)(3),164.310(b),164.312(e)(1),164.312(e)(2)(ii)
isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
Expand Down
1 change: 1 addition & 0 deletions products/sle12/profiles/pci-dss-4.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ selections:
- group_unique_name
- no_files_unowned_by_user
- package_bind_removed
- package_cron_installed
- package_dhcp_removed
- package_httpd_removed
- package_net-snmp_removed
Expand Down
2 changes: 1 addition & 1 deletion products/sle15/profiles/hipaa.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@ selections:
- ensure_gpgcheck_local_packages
- grub2_disable_interactive_boot
- libreswan_approved_tunnels
- package_cron_installed
- package_rsh-server_removed
- package_talk-server_removed
- sebool_selinuxuser_execheap
Expand All @@ -157,4 +158,3 @@ selections:
- service_xinetd_disabled
- service_zebra_disabled
- use_kerberos_security_all_exports

0 comments on commit aad66f0

Please sign in to comment.