Add sysctl disable_ipv6 rule to CIS 3.1.1

- Include sysctl_net_ipv6_conf_all_disable_ipv6 rule, to CIS requirement 3.1.1 for SLE platforms. - Update CIS controls for sle12 and sle15 - Allocate CCEs
ComplianceAsCode · Apr 20, 2023 · c1e53c9 · c1e53c9
1 parent 1c01035
commit c1e53c9
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 2 deletions.
diff --git a/controls/cis_sle12.yml b/controls/cis_sle12.yml
@@ -827,6 +827,7 @@ controls:
     status: automated
     rules:
       - grub2_ipv6_disable_argument
+      - sysctl_net_ipv6_conf_all_disable_ipv6
 
   - id: 3.1.2
     title: Ensure wireless interfaces are disabled (Manual)

diff --git a/controls/cis_sle15.yml b/controls/cis_sle15.yml
@@ -814,6 +814,7 @@ controls:
     status: automated
     rules:
       - grub2_ipv6_disable_argument
+      - sysctl_net_ipv6_conf_all_disable_ipv6
 
   - id: 3.1.2
     title: Ensure wireless interfaces are disabled (Manual)

diff --git a/...system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/...system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
@@ -19,10 +19,14 @@ identifiers:
     cce@rhel7: CCE-80175-3
     cce@rhel8: CCE-85904-1
     cce@rhel9: CCE-86215-1
+    cce@sle12: CCE-92359-9
+    cce@sle15: CCE-92496-9
 
 references:
     anssi: BP28(R13)
     cis-csc: 11,14,3,9
+    cis@sle12: 3.1.1
+    cis@sle15: 3.1.1
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
     cui: 3.1.20
     disa: CCI-001551

diff --git a/shared/references/cce-sle12-avail.txt b/shared/references/cce-sle12-avail.txt
@@ -25,7 +25,6 @@ CCE-92354-0
 CCE-92355-7
 CCE-92357-3
 CCE-92358-1
-CCE-92359-9
 CCE-92360-7
 CCE-92362-3
 CCE-92363-1

diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt
@@ -9,7 +9,6 @@ CCE-92491-0
 CCE-92492-8
 CCE-92493-6
 CCE-92495-1
-CCE-92496-9
 CCE-92498-5
 CCE-92499-3
 CCE-92500-8