From c1e53c979653963f7ef3eb8ea50f25216e381c22 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Thu, 20 Apr 2023 22:52:57 +0300
Subject: [PATCH] Add sysctl disable_ipv6 rule to CIS 3.1.1
- Include sysctl_net_ipv6_conf_all_disable_ipv6 rule, to CIS requirement 3.1.1 for SLE platforms.
- Update CIS controls for sle12 and sle15
- Allocate CCEs
---
 controls/cis_sle12.yml | 1 +
 controls/cis_sle15.yml | 1 +
 .../sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml | 4 ++++
 shared/references/cce-sle12-avail.txt | 1 -
 shared/references/cce-sle15-avail.txt | 1 -
 5 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/controls/cis_sle12.yml b/controls/cis_sle12.yml
index 72d758a9378..16e878b6c8a 100644
--- a/controls/cis_sle12.yml
+++ b/controls/cis_sle12.yml
@@ -827,6 +827,7 @@ controls:
 status: automated
 rules:
 - grub2_ipv6_disable_argument
+ - sysctl_net_ipv6_conf_all_disable_ipv6
 
 - id: 3.1.2
 title: Ensure wireless interfaces are disabled (Manual)
diff --git a/controls/cis_sle15.yml b/controls/cis_sle15.yml
index 23d614c6a5f..d7e7bda6404 100644
--- a/controls/cis_sle15.yml
+++ b/controls/cis_sle15.yml
@@ -814,6 +814,7 @@ controls:
 status: automated
 rules:
 - grub2_ipv6_disable_argument
+ - sysctl_net_ipv6_conf_all_disable_ipv6
 
 - id: 3.1.2
 title: Ensure wireless interfaces are disabled (Manual)
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
index e171365125c..80763f0b0fc 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
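Review bot: Listing `sysctl_net_ipv6_conf_all_disable_ipv6` next to `grub2_ipv6_disable_argument` under 3.1.1 makes the control pass only when both rules pass, and the two mechanisms may not coexist cleanly: on a host booted with `ipv6.disable=1` the IPv6 stack is not initialised, so `net.ipv6.conf.all.disable_ipv6` is typically absent from /proc/sys and a runtime sysctl check or remediation could fail on a system that is in fact hardened. I would add a comment above the rule list, e.g. `# both the boot argument and the sysctl are required here; verify the sysctl check on hosts booted with ipv6.disable=1`, or record the same in the control's `notes:`. The same applies to the identical hunk in controls/cis_sle15.yml. If the benchmark's sysctl method also sets `net.ipv6.conf.default.disable_ipv6`, the matching `default` rule would be needed for full coverage. The 3.1.1 control entry starts above the hunk, so its title and any existing notes are not visible here.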
@@ -19,10 +19,14 @@ identifiers:
 cce@rhel7: CCE-80175-3
 cce@rhel8: CCE-85904-1
 cce@rhel9: CCE-86215-1
+ cce@sle12: CCE-92359-9
+ cce@sle15: CCE-92496-9
 
 references:
 anssi: BP28(R13)
 cis-csc: 11,14,3,9
+ cis@sle12: 3.1.1
+ cis@sle15: 3.1.1
 cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
 cui: 3.1.20
 disa: CCI-001551
diff --git a/shared/references/cce-sle12-avail.txt b/shared/references/cce-sle12-avail.txt
index 1f6f94e9bd4..2cde5bc38a4 100644
--- a/shared/references/cce-sle12-avail.txt
+++ b/shared/references/cce-sle12-avail.txt
@@ -25,7 +25,6 @@ CCE-92354-0
 CCE-92355-7
 CCE-92357-3
 CCE-92358-1
-CCE-92359-9
 CCE-92360-7
 CCE-92362-3
 CCE-92363-1
diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt
index ed75ca2f609..155cfb54657 100644
--- a/shared/references/cce-sle15-avail.txt
+++ b/shared/references/cce-sle15-avail.txt
@@ -9,7 +9,6 @@ CCE-92491-0
 CCE-92492-8
 CCE-92493-6
 CCE-92495-1
-CCE-92496-9
 CCE-92498-5
 CCE-92499-3
 CCE-92500-8
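Review bot: The new `cce@sle12`/`cce@sle15` identifiers and `cis@sle12`/`cis@sle15` references in the rule.yml hunk only take effect if the rule is actually built for those products, and the hunk starts at line 19, so the rule's `prodtype` line is not visible and is not touched by this patch. Confirm that it already lists `sle12` and `sle15`; otherwise the rule named in the two control files could be missing from the SLE builds, and 3.1.1 would be evaluated with the boot-argument rule alone.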