From 8ed0930d47f568bd88e0e45054018c9134019af9 Mon Sep 17 00:00:00 2001
From: svet-se
Date: Wed, 24 Jul 2024 16:22:03 +0300
Subject: [PATCH 01/18] Update SUSE Linux Enterprise Micro 5 product name
---
 CMakeLists.txt | 2 +-
 .../installed_OS_is_vendor_supported/oval/shared.xml | 2 +-
 products/slmicro5/product.yml | 2 +-
 products/slmicro5/transforms/constants.xslt | 2 +-
 ssg/constants.py | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4b82fd3a147..4c258307da6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -109,7 +109,7 @@ option(SSG_PRODUCT_RHEL10 "If enabled, the RHEL10 SCAP content will be built" ${
 option(SSG_PRODUCT_RHV4 "If enabled, the RHV4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_SLE12 "If enabled, the SLE12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_SLE15 "If enabled, the SLE15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
-option(SSG_PRODUCT_SLMICRO5 "If enabled, the SLE Micro 5.x SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+option(SSG_PRODUCT_SLMICRO5 "If enabled, the SLE Micro 5 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_UBUNTU1604 "If enabled, the Ubuntu 16.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_UBUNTU1804 "If enabled, the Ubuntu 18.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_UBUNTU2004 "If enabled, the Ubuntu 20.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
index a534dca8e37..d4f69821588 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -10,7 +10,7 @@ - +
diff --git a/products/slmicro5/product.yml b/products/slmicro5/product.yml
index 070da6f7712..cc2cb4a7907 100644
--- a/products/slmicro5/product.yml
+++ b/products/slmicro5/product.yml
@@ -1,5 +1,5 @@
 product: slmicro5
-full_name: SUSE Linux Enterprise Micro 5.x
+full_name: SUSE Linux Enterprise Micro 5
 type: platform
 major_version_ordinal: 5
diff --git a/products/slmicro5/transforms/constants.xslt b/products/slmicro5/transforms/constants.xslt
index 7e5bc846414..b30aab80c08 100644
--- a/products/slmicro5/transforms/constants.xslt
+++ b/products/slmicro5/transforms/constants.xslt
@@ -2,7 +2,7 @@
-SUSE Linux Enterprise Micro 5.x
+SUSE Linux Enterprise Micro 5
 SLE Micro 5
 SUSE_Linux_Enterprise_Micro_5_STIG
 slmicro5
diff --git a/ssg/constants.py b/ssg/constants.py
index 9e12d325a04..7f8910743f1 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -225,14 +225,14 @@
 "Red Hat Virtualization 4": "rhv4",
 "SUSE Linux Enterprise 12": "sle12",
 "SUSE Linux Enterprise 15": "sle15",
-"SUSE Linux Enterprise Micro 5.x": "slmicro5",
+"SUSE Linux Enterprise Micro 5": "slmicro5",
 "Ubuntu 16.04": "ubuntu1604",
 "Ubuntu 18.04": "ubuntu1804",
 "Ubuntu 20.04": "ubuntu2004",
 "Ubuntu 22.04": "ubuntu2204",
 "UnionTech OS Server 20": "uos20",
 "OpenEmbedded": "openembedded",
-"Not Applicable" : "example",
+"Not Applicable": "example",
 }
From 0d1fedb53511e026d7a4d2ad958e84ebd6b31846 Mon Sep 17 00:00:00 2001
From: svet-se
Date: Wed, 24 Jul 2024 16:37:02 +0300
Subject: [PATCH 02/18] Update stig_slmicro5.yml format
---
 controls/stig_slmicro5.yml | 3188 ++++++++++++++++++++----------------
 1 file changed, 1758 insertions(+), 1430 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index fc9cf093877..5ca4744b924 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1,1438 +1,1766 @@ policy: SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide title: SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide id: stig_slmicro5 -version: V1R1 source: https://public.cyber.mil/stigs/downloads/ +version: V1R1 reference_type: stigid product: slmicro5 levels: -- id: high -- id: medium -- id: low + - id: high + - id: medium + - id: low controls: -- id: SLEM-05-211010 - levels: - - high - title: SLEM 5 must be a vendor-supported release. - rules: - - installed_OS_is_vendor_supported - status: automated -- id: SLEM-05-211015 - levels: - - medium - title: SLEM 5 must implement an endpoint security tool. - rules: [] - status: pending -- id: SLEM-05-211020 - levels: - - medium - title: SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner - before granting any local or remote connection to the system. - rules: - - sshd_enable_warning_banner - status: automated -- id: SLEM-05-211025 - levels: - - high - title: SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence. - rules: [] - status: pending -- id: SLEM-05-212010 - levels: - - high - title: SLEM 5 with a basic input/output system (BIOS) must require authentication - upon booting into single-user and maintenance modes. - rules: [] - status: pending -- id: SLEM-05-212015 - levels: - - high - title: SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must - require authentication upon booting into single-user mode and maintenance. - rules: [] - status: pending -- id: SLEM-05-213010 - levels: - - medium - title: SLEM 5 must restrict access to the kernel message buffer. - rules: [] - status: pending -- id: SLEM-05-213015 - levels: - - medium - title: SLEM 5 kernel core dumps must be disabled unless needed. - rules: [] - status: pending -- id: SLEM-05-213020 - levels: - - medium - title: Address space layout randomization (ASLR) must be implemented by SLEM 5 to - protect memory from unauthorized code execution. 
- rules: [] - status: pending -- id: SLEM-05-213025 - levels: - - medium - title: SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel - addresses. - rules: [] - status: pending -- id: SLEM-05-214010 - levels: - - medium - title: Vendor-packaged SLEM 5 security patches and updates must be installed and - up to date. - rules: [] - status: pending -- id: SLEM-05-214015 - levels: - - high - title: The SLEM 5 tool zypper must have gpgcheck enabled. - rules: [] - status: pending -- id: SLEM-05-214020 - levels: - - medium - title: SLEM 5 must remove all outdated software components after updated versions - have been installed. - rules: [] - status: pending -- id: SLEM-05-215010 - levels: - - medium - title: SLEM 5 must use vlock to allow for session locking. - rules: [] - status: pending -- id: SLEM-05-215015 - levels: - - high - title: SLEM 5 must not have the telnet-server package installed. - rules: [] - status: pending -- id: SLEM-05-231010 - levels: - - medium - title: A separate file system must be used for SLEM 5 user home directories (such - as /home or an equivalent). - rules: [] - status: pending -- id: SLEM-05-231015 - levels: - - medium - title: SLEM 5 must use a separate file system for /var. - rules: [] - status: pending -- id: SLEM-05-231020 - levels: - - medium - title: SLEM 5 must use a separate file system for the system audit data path. - rules: [] - status: pending -- id: SLEM-05-231025 - levels: - - medium - title: SLEM 5 file systems that are being imported via Network File System (NFS) - must be mounted to prevent files with the setuid and setgid bit set from being - executed. - rules: [] - status: pending -- id: SLEM-05-231030 - levels: - - medium - title: SLEM 5 file systems that are being imported via Network File System (NFS) - must be mounted to prevent binary files from being executed. 
- rules: [] - status: pending -- id: SLEM-05-231035 - levels: - - medium - title: SLEM 5 file systems that are used with removable media must be mounted to - prevent files with the setuid and setgid bit set from being executed. - rules: [] - status: pending -- id: SLEM-05-231040 - levels: - - high - title: All SLEM 5 persistent disk partitions must implement cryptographic mechanisms - to prevent unauthorized disclosure or modification of all information that requires - at-rest protection. - rules: [] - status: pending -- id: SLEM-05-231045 - levels: - - medium - title: SLEM 5 file systems that contain user home directories must be mounted to - prevent files with the setuid and setgid bit set from being executed. - rules: [] - status: pending -- id: SLEM-05-231050 - levels: - - medium - title: SLEM 5 must disable the file system automounter unless required. - rules: [] - status: pending -- id: SLEM-05-232010 - levels: - - medium - title: SLEM 5 must have directories that contain system commands set to a mode of - 755 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232015 - levels: - - medium - title: SLEM 5 must have system commands set to a mode of 755 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232020 - levels: - - medium - title: SLEM 5 library directories must have mode 755 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232025 - levels: - - medium - title: SLEM 5 library files must have mode 755 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232030 - levels: - - medium - title: All SLEM 5 local interactive user home directories must have mode 750 or - less permissive. - rules: [] - status: pending -- id: SLEM-05-232035 - levels: - - medium - title: All SLEM 5 local initialization files must have mode 740 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232040 - levels: - - medium - title: SLEM 5 SSH daemon public host key files must have mode 644 or less permissive. 
- rules: [] - status: pending -- id: SLEM-05-232045 - levels: - - medium - title: SLEM 5 SSH daemon private host key files must have mode 640 or less permissive. - rules: [] - status: pending -- id: SLEM-05-232050 - levels: - - medium - title: SLEM 5 library files must be owned by root. - rules: [] - status: pending -- id: SLEM-05-232055 - levels: - - medium - title: SLEM 5 library files must be group-owned by root. - rules: [] - status: pending -- id: SLEM-05-232060 - levels: - - medium - title: SLEM 5 library directories must be owned by root. - rules: [] - status: pending -- id: SLEM-05-232065 - levels: - - medium - title: SLEM 5 library directories must be group-owned by root. - rules: [] - status: pending -- id: SLEM-05-232070 - levels: - - medium - title: SLEM 5 must have system commands owned by root. - rules: [] - status: pending -- id: SLEM-05-232075 - levels: - - medium - title: SLEM 5 must have system commands group-owned by root or a system account. - rules: [] - status: pending -- id: SLEM-05-232080 - levels: - - medium - title: SLEM 5 must have directories that contain system commands owned by root. - rules: [] - status: pending -- id: SLEM-05-232085 - levels: - - medium - title: SLEM 5 must have directories that contain system commands group-owned by - root. - rules: [] - status: pending -- id: SLEM-05-232090 - levels: - - medium - title: All SLEM 5 files and directories must have a valid owner. - rules: [] - status: pending -- id: SLEM-05-232095 - levels: - - medium - title: All SLEM 5 files and directories must have a valid group owner. - rules: [] - status: pending -- id: SLEM-05-232100 - levels: - - medium - title: All SLEM 5 local interactive user home directories must be group-owned by - the home directory owner's primary group. - rules: [] - status: pending -- id: SLEM-05-232105 - levels: - - medium - title: All SLEM 5 world-writable directories must be group-owned by root, sys, bin, - or an application group. 
- rules: [] - status: pending -- id: SLEM-05-232110 - levels: - - medium - title: The sticky bit must be set on all SLEM 5 world-writable directories. - rules: [] - status: pending -- id: SLEM-05-232115 - levels: - - medium - title: SLEM 5 must prevent unauthorized users from accessing system error messages. - rules: [] - status: pending -- id: SLEM-05-232120 - levels: - - medium - title: SLEM 5 must generate error messages that provide information necessary for - corrective actions without revealing information that could be exploited by adversaries. - rules: [] - status: pending -- id: SLEM-05-251010 - levels: - - medium - title: SLEM 5 must be configured to prohibit or restrict the use of functions, ports, - protocols, and/or services as defined in the Ports, Protocols, and Services Management - (PPSM) Category Assignments List (CAL) and vulnerability assessments. - rules: [] - status: pending -- id: SLEM-05-252010 - levels: - - medium - title: SLEM 5 clock must, for networked systems, be synchronized to an authoritative - DOD time source at least every 24 hours. - rules: [] - status: pending -- id: SLEM-05-252015 - levels: - - medium - title: SLEM 5 must not have network interfaces in promiscuous mode unless approved - and documented. - rules: [] - status: pending -- id: SLEM-05-253010 - levels: - - medium - title: SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed - packets. - rules: [] - status: pending -- id: SLEM-05-253015 - levels: - - medium - title: SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed - packets by default. - rules: [] - status: pending -- id: SLEM-05-253020 - levels: - - medium - title: SLEM 5 must prevent Internet Protocol version 4 (IPv4) Internet Control Message - Protocol (ICMP) redirect messages from being accepted. 
- rules: [] - status: pending -- id: SLEM-05-253025 - levels: - - medium - title: SLEM 5 must not allow interfaces to accept Internet Protocol version 4 (IPv4) - Internet Control Message Protocol (ICMP) redirect messages by default. - rules: [] - status: pending -- id: SLEM-05-253030 - levels: - - medium - title: SLEM 5 must not send Internet Protocol version 4 (IPv4) Internet Control - Message Protocol (ICMP) redirects. - rules: [] - status: pending -- id: SLEM-05-253035 - levels: - - medium - title: SLEM 5 must not allow interfaces to send Internet Protocol version 4 (IPv4) - Internet Control Message Protocol (ICMP) redirect messages by default. - rules: [] - status: pending -- id: SLEM-05-253040 - levels: - - medium - title: SLEM 5 must not be performing Internet Protocol version 4 (IPv4) packet forwarding - unless the system is a router. - rules: [] - status: pending -- id: SLEM-05-253045 - levels: - - medium - title: SLEM 5 must be configured to use TCP syncookies. - rules: [] - status: pending -- id: SLEM-05-254010 - levels: - - medium - title: SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed - packets. - rules: [] - status: pending -- id: SLEM-05-254015 - levels: - - medium - title: SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed - packets by default. - rules: [] - status: pending -- id: SLEM-05-254020 - levels: - - medium - title: SLEM 5 must prevent Internet Protocol version 6 (IPv6) Internet Control Message - Protocol (ICMP) redirect messages from being accepted. - rules: [] - status: pending -- id: SLEM-05-254025 - levels: - - medium - title: SLEM 5 must not allow interfaces to accept Internet Protocol version 6 (IPv6) - Internet Control Message Protocol (ICMP) redirect messages by default. - rules: [] - status: pending -- id: SLEM-05-254030 - levels: - - medium - title: SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding - unless the system is a router. 
- rules: [] - status: pending -- id: SLEM-05-254035 - levels: - - medium - title: SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding - by default unless the system is a router. - rules: [] - status: pending -- id: SLEM-05-255010 - levels: - - high - title: SLEM 5 must have SSH installed to protect the confidentiality and integrity - of transmitted information. - rules: [] - status: pending -- id: SLEM-05-255015 - levels: - - high - title: SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted - information. - rules: [] - status: pending -- id: SLEM-05-255020 - levels: - - medium - title: SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner - before granting access via SSH. - rules: [] - status: pending -- id: SLEM-05-255025 - levels: - - high - title: SLEM 5 must not allow unattended or automatic logon via SSH. - rules: - - sshd_disable_empty_passwords - - sshd_do_not_permit_user_env - status: automated -- id: SLEM-05-255030 - levels: - - medium - title: SLEM 5 must be configured so that all network connections associated with - SSH traffic terminate after becoming unresponsive. - rules: [] - status: pending -- id: SLEM-05-255035 - levels: - - medium - title: SLEM 5 must be configured so that all network connections associated with - SSH traffic are terminated after 10 minutes of becoming unresponsive. - rules: [] - status: pending -- id: SLEM-05-255040 - levels: - - medium - title: SLEM 5 SSH daemon must disable forwarded remote X connections for interactive - users, unless to fulfill documented and validated mission requirements. - rules: - - sshd_disable_x11_forwarding - status: automated -- id: SLEM-05-255045 - levels: - - high - title: SLEM 5 must implement DOD-approved encryption to protect the confidentiality - of SSH remote connections. 
- rules: [] - status: pending -- id: SLEM-05-255050 - levels: - - high - title: SLEM 5 SSH daemon must be configured to only use Message Authentication Codes - (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms. - rules: [] - status: pending -- id: SLEM-05-255055 - levels: - - high - title: SLEM 5 SSH server must be configured to use only FIPS 140-2/140-3 validated - key exchange algorithms. - rules: [] - status: pending -- id: SLEM-05-255060 - levels: - - medium - title: SLEM 5 must deny direct logons to the root account using remote access via - SSH. - rules: - - sshd_disable_root_login - status: automated -- id: SLEM-05-255065 - levels: - - medium - title: SLEM 5 must log SSH connection attempts and failures to the server. - rules: - - sshd_set_loglevel_verbose - status: automated -- id: SLEM-05-255070 - levels: - - medium - title: SLEM 5 must display the date and time of the last successful account logon - upon an SSH logon. - rules: - - sshd_print_last_log - status: automated -- id: SLEM-05-255075 - levels: - - medium - title: SLEM 5 SSH daemon must be configured to not allow authentication using known - hosts authentication. - rules: - - sshd_disable_user_known_hosts - status: automated -- id: SLEM-05-255080 - levels: - - medium - title: SLEM 5 SSH daemon must perform strict mode checking of home directory configuration - files. - rules: - - sshd_enable_strictmodes - status: automated -- id: SLEM-05-255085 - levels: - - medium - title: SLEM 5, for PKI-based authentication, must enforce authorized access to the - corresponding private key. - rules: [] - status: pending -- id: SLEM-05-255090 - levels: - - high - title: There must be no .shosts files on SLEM 5. - rules: [] - status: pending -- id: SLEM-05-255095 - levels: - - high - title: There must be no shosts.equiv files on SLEM 5. 
- rules: [] - status: pending -- id: SLEM-05-272010 - levels: - - high - title: SLEM 5 must not allow unattended or automatic logon via the graphical user - interface (GUI). - rules: [] - status: pending -- id: SLEM-05-291010 - levels: - - medium - title: SLEM 5 wireless network adapters must be disabled unless approved and documented. - rules: [] - status: pending -- id: SLEM-05-291015 - levels: - - medium - title: SLEM 5 must disable the USB mass storage kernel module. - rules: [] - status: pending -- id: SLEM-05-411010 - levels: - - medium - title: All SLEM 5 local interactive user accounts, upon creation, must be assigned - a home directory. - rules: [] - status: pending -- id: SLEM-05-411015 - levels: - - medium - title: SLEM 5 default permissions must be defined in such a way that all authenticated - users can only read and modify their own files. - rules: [] - status: pending -- id: SLEM-05-411020 - levels: - - medium - title: SLEM 5 shadow password suite must be configured to enforce a delay of at - least five seconds between logon prompts following a failed logon attempt. - rules: - - accounts_logon_fail_delay - - var_accounts_fail_delay=5 - status: automated -- id: SLEM-05-411025 - levels: - - medium - title: All SLEM 5 local interactive users must have a home directory assigned in - the /etc/passwd file. - rules: [] - status: pending -- id: SLEM-05-411030 - levels: - - medium - title: All SLEM 5 local interactive user home directories defined in the /etc/passwd - file must exist. - rules: [] - status: pending -- id: SLEM-05-411035 - levels: - - medium - title: All SLEM 5 local interactive user initialization files executable search - paths must contain only paths that resolve to the users' home directory. - rules: [] - status: pending -- id: SLEM-05-411040 - levels: - - medium - title: All SLEM 5 local initialization files must not execute world-writable programs. 
- rules: [] - status: pending -- id: SLEM-05-411045 - levels: - - medium - title: SLEM 5 must automatically expire temporary accounts within 72 hours. - rules: [] - status: pending -- id: SLEM-05-411050 - levels: - - medium - title: SLEM 5 must never automatically remove or disable emergency administrator - accounts. - rules: [] - status: pending -- id: SLEM-05-411055 - levels: - - medium - title: SLEM 5 must not have unnecessary accounts. - rules: [] - status: pending -- id: SLEM-05-411060 - levels: - - medium - title: SLEM 5 must not have unnecessary account capabilities. - rules: [] - status: pending -- id: SLEM-05-411065 - levels: - - high - title: SLEM 5 root account must be the only account with unrestricted access to - the system. - rules: [] - status: pending -- id: SLEM-05-411070 - levels: - - medium - title: SLEM 5 must disable account identifiers (individuals, groups, roles, and - devices) after 35 days of inactivity after password expiration. - rules: [] - status: pending -- id: SLEM-05-411075 - levels: - - medium - title: SLEM 5 must not have duplicate User IDs (UIDs) for interactive users. - rules: [] - status: pending -- id: SLEM-05-412010 - levels: - - medium - title: SLEM 5 must display the date and time of the last successful account logon - upon logon. - rules: [] - status: pending -- id: SLEM-05-412015 - levels: - - medium - title: SLEM 5 must initiate a session lock after a 15-minute period of inactivity. - rules: [] - status: pending -- id: SLEM-05-412020 - levels: - - medium - title: SLEM 5 must lock an account after three consecutive invalid access attempts. - rules: [] - status: pending -- id: SLEM-05-412025 - levels: - - medium - title: SLEM 5 must enforce a delay of at least five seconds between logon prompts - following a failed logon attempt via pluggable authentication modules (PAM). 
- rules: - - accounts_passwords_pam_faildelay_delay - - var_password_pam_delay=4000000 - status: automated -- id: SLEM-05-412030 - levels: - - medium - title: SLEM 5 must use the default pam_tally2 tally directory. - rules: - - accounts_passwords_pam_tally2_file - - accounts_passwords_pam_tally2_file_selinux - status: automated -- id: SLEM-05-412035 - levels: - - low - title: SLEM 5 must limit the number of concurrent sessions to 10 for all accounts - and/or account types. - rules: [] - status: pending -- id: SLEM-05-431010 - levels: - - low - title: SLEM 5 must have policycoreutils package installed. - rules: - - package_policycoreutils_installed - status: automated -- id: SLEM-05-431015 - levels: - - high - title: SLEM 5 must use a Linux Security Module configured to enforce limits on system - services. - rules: - - selinux_state - - var_selinux_state=enforcing -- id: SLEM-05-431020 - levels: - - medium - title: SLEM 5 must enable the SELinux targeted policy. - rules: - - selinux_policytype - - var_selinux_policy_name=targeted - status: automated -- id: SLEM-05-431025 - levels: - - medium - title: SLEM 5 must prevent nonprivileged users from executing privileged functions, - including disabling, circumventing, or altering implemented security safeguards/countermeasures. - rules: [] - status: pending -- id: SLEM-05-432010 - levels: - - medium - title: SLEM 5 must use the invoking user's password for privilege escalation when - using "sudo". - rules: [] - status: pending -- id: SLEM-05-432015 - levels: - - medium - title: SLEM 5 must reauthenticate users when changing authenticators, roles, or - escalating privileges. - rules: [] - status: pending -- id: SLEM-05-432020 - levels: - - medium - title: SLEM 5 must require reauthentication when using the "sudo" command. - rules: [] - status: pending -- id: SLEM-05-432025 - levels: - - medium - title: SLEM 5 must restrict privilege elevation to authorized personnel. 
- rules: [] - status: pending -- id: SLEM-05-432030 - levels: - - medium - title: SLEM 5 must specify the default "include" directory for the /etc/sudoers - file. - rules: [] - status: pending -- id: SLEM-05-611010 - levels: - - medium - title: SLEM 5 must enforce passwords that contain at least one uppercase character. - rules: [] - status: pending -- id: SLEM-05-611015 - levels: - - medium - title: SLEM 5 must enforce passwords that contain at least one lowercase character. - rules: [] - status: pending -- id: SLEM-05-611020 - levels: - - medium - title: SLEM 5 must enforce passwords that contain at least one numeric character. - rules: [] - status: pending -- id: SLEM-05-611025 - levels: - - medium - title: SLEM 5 must enforce passwords that contain at least one special character. - rules: [] - status: pending -- id: SLEM-05-611030 - levels: - - medium - title: SLEM 5 must prevent the use of dictionary words for passwords. - rules: [] - status: pending -- id: SLEM-05-611035 - levels: - - medium - title: SLEM 5 must employ passwords with a minimum of 15 characters. - rules: [] - status: pending -- id: SLEM-05-611040 - levels: - - medium - title: SLEM 5 must require the change of at least eight of the total number of characters - when passwords are changed. - rules: [] - status: pending -- id: SLEM-05-611045 - levels: - - medium - title: SLEM 5 must not allow passwords to be reused for a minimum of five generations. - rules: [] - status: pending -- id: SLEM-05-611050 - levels: - - medium - title: SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to - only store encrypted representations of passwords. - rules: [] - status: pending -- id: SLEM-05-611055 - levels: - - high - title: SLEM 5 must not be configured to allow blank or null passwords. - rules: - - sshd_disable_empty_passwords - status: automated -- id: SLEM-05-611060 - levels: - - high - title: SLEM 5 must not have accounts configured with blank or null passwords. 
- rules: [] - status: pending -- id: SLEM-05-611065 - levels: - - medium - title: SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one - day). - rules: [] - status: pending -- id: SLEM-05-611070 - levels: - - medium - title: SLEM 5 must employ user passwords with a maximum lifetime of 60 days. - rules: [] - status: pending -- id: SLEM-05-611075 - levels: - - medium - title: SLEM 5 must employ a password history file. - rules: [] - status: pending -- id: SLEM-05-611080 - levels: - - high - title: SLEM 5 must employ FIPS 140-2/140-3-approved cryptographic hashing algorithms - for system authentication. - rules: [] - status: pending -- id: SLEM-05-611085 - levels: - - high - title: SLEM 5 shadow password suite must be configured to use a sufficient number - of hashing rounds. - rules: [] - status: pending -- id: SLEM-05-611090 - levels: - - medium - title: SLEM 5 must employ FIPS 140-2/140-3 approved cryptographic hashing algorithm - for system authentication (login.defs). - rules: [] - status: pending -- id: SLEM-05-611095 - levels: - - medium - title: SLEM 5 must be configured to create or update passwords with a minimum lifetime - of 24 hours (one day). - rules: [] - status: pending -- id: SLEM-05-611100 - levels: - - medium - title: SLEM 5 must be configured to create or update passwords with a maximum lifetime - of 60 days. - rules: [] - status: pending -- id: SLEM-05-612010 - levels: - - medium - title: SLEM 5 must have the packages required for multifactor authentication to - be installed. - rules: [] - status: pending -- id: SLEM-05-612015 - levels: - - medium - title: SLEM 5 must implement multifactor authentication for access to privileged - accounts via pluggable authentication modules (PAM). - rules: [] - status: pending -- id: SLEM-05-612020 - levels: - - medium - title: SLEM 5 must implement certificate status checking for multifactor authentication. 
- rules: [] - status: pending -- id: SLEM-05-631010 - levels: - - medium - title: If Network Security Services (NSS) is being used by SLEM 5 it must prohibit - the use of cached authentications after one day. - rules: [] - status: pending -- id: SLEM-05-631015 - levels: - - medium - title: SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to - prohibit the use of cached offline authentications after one day. - rules: [] - status: pending -- id: SLEM-05-631020 - levels: - - medium - title: SLEM 5, for PKI-based authentication, must validate certificates by constructing - a certification path (which includes status information) to an accepted trust - anchor. - rules: [] - status: pending -- id: SLEM-05-631025 - levels: - - medium - title: SLEM 5 must be configured to not overwrite Pluggable Authentication Modules - (PAM) configuration on package changes. - rules: [] - status: pending -- id: SLEM-05-651010 - levels: - - medium - title: SLEM 5 must use a file integrity tool to verify correct operation of all - security functions. - rules: [] - status: pending -- id: SLEM-05-651015 - levels: - - medium - title: SLEM 5 file integrity tool must be configured to verify Access Control Lists - (ACLs). - rules: [] - status: pending -- id: SLEM-05-651020 - levels: - - medium - title: SLEM 5 file integrity tool must be configured to verify extended attributes. - rules: [] - status: pending -- id: SLEM-05-651025 - levels: - - medium - title: SLEM 5 file integrity tool must be configured to protect the integrity of - the audit tools. - rules: [] - status: pending -- id: SLEM-05-651030 - levels: - - medium - title: Advanced Intrusion Detection Environment (AIDE) must verify the baseline - SLEM 5 configuration at least weekly. 
- rules: [] - status: pending -- id: SLEM-05-651035 - levels: - - medium - title: SLEM 5 must notify the system administrator (SA) when Advanced Intrusion - Detection Environment (AIDE) discovers anomalies in the operation of any security - functions. - rules: [] - status: pending -- id: SLEM-05-652010 - levels: - - medium - title: SLEM 5 must offload rsyslog messages for networked systems in real time and - offload standalone systems at least weekly. - rules: [] - status: pending -- id: SLEM-05-653010 - levels: - - medium - title: SLEM 5 must have the auditing package installed. - rules: [] - status: pending -- id: SLEM-05-653015 - levels: - - medium - title: SLEM 5 audit records must contain information to establish what type of events - occurred, the source of events, where events occurred, and the outcome of events. - rules: [] - status: pending -- id: SLEM-05-653020 - levels: - - medium - title: The audit-audispd-plugins package must be installed on SLEM 5. - rules: [] - status: pending -- id: SLEM-05-653025 - levels: - - medium - title: SLEM 5 must allocate audit record storage capacity to store at least one - week of audit records when audit records are not immediately sent to a central - audit record storage facility. - rules: - - package_audit-audispd-plugins_installed - status: automated -- id: SLEM-05-653030 - levels: - - medium - title: SLEM 5 auditd service must notify the system administrator (SA) and information - system security officer (ISSO) immediately when audit storage capacity is 75 percent - full. - rules: [] - status: pending -- id: SLEM-05-653035 - levels: - - medium - title: SLEM 5 audit system must take appropriate action when the audit storage volume - is full. - rules: [] - status: pending -- id: SLEM-05-653040 - levels: - - medium - title: SLEM 5 must offload audit records onto a different system or media from the - system being audited. 
- rules: [] - status: pending -- id: SLEM-05-653045 - levels: - - medium - title: Audispd must take appropriate action when SLEM 5 audit storage is full. - rules: [] - status: pending -- id: SLEM-05-653050 - levels: - - medium - title: SLEM 5 must protect audit rules from unauthorized modification. - rules: [] - status: pending -- id: SLEM-05-653055 - levels: - - medium - title: SLEM 5 audit tools must have the proper permissions configured to protect - against unauthorized access. - rules: [] - status: pending -- id: SLEM-05-653060 - levels: - - medium - title: SLEM 5 audit tools must have the proper permissions applied to protect against - unauthorized access. - rules: [] - status: pending -- id: SLEM-05-653065 - levels: - - low - title: SLEM 5 audit event multiplexor must be configured to use Kerberos. - rules: [] - status: pending -- id: SLEM-05-653070 - levels: - - medium - title: Audispd must offload audit records onto a different system or media from - SLEM 5 being audited. - rules: [] - status: pending -- id: SLEM-05-653075 - levels: - - medium - title: The information system security officer (ISSO) and system administrator (SA), - at a minimum, must have mail aliases to be notified of a SLEM 5 audit processing - failure. - rules: [] - status: pending -- id: SLEM-05-653080 - levels: - - medium - title: The information system security officer (ISSO) and system administrator (SA), - at a minimum, must be alerted of a SLEM 5 audit processing failure event. - rules: [] - status: pending -- id: SLEM-05-654010 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chacl" command. - rules: [] - status: pending -- id: SLEM-05-654015 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chage" command. - rules: - - audit_rules_privileged_commands_chage - status: automated -- id: SLEM-05-654020 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chcon" command. 
- rules: [] - status: pending -- id: SLEM-05-654025 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chfn" command. - rules: - - audit_rules_privileged_commands_chfn - status: automated -- id: SLEM-05-654030 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chmod" command. - rules: [] - status: pending -- id: SLEM-05-654035 - levels: - - medium - title: SLEM 5 must generate audit records for a uses of the "chsh" command. - rules: - - audit_rules_privileged_commands_chsh - status: automated -- id: SLEM-05-654040 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "crontab" command. - rules: - - audit_rules_privileged_commands_crontab - status: automated -- id: SLEM-05-654045 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "gpasswd" command. - rules: - - audit_rules_privileged_commands_gpasswd - status: automated -- id: SLEM-05-654050 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "insmod" command. - rules: [] - status: pending -- id: SLEM-05-654055 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "kmod" command. - rules: [] - status: pending -- id: SLEM-05-654060 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "modprobe" command. - rules: [] - status: pending -- id: SLEM-05-654065 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "newgrp" command. - rules: - - audit_rules_privileged_commands_newgrp - status: automated -- id: SLEM-05-654070 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "pam_timestamp_check" - command. - rules: [] - status: pending -- id: SLEM-05-654075 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "passwd" command. 
- rules: - - audit_rules_privileged_commands_passwd - status: automated -- id: SLEM-05-654080 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "rm" command. - rules: [] - status: pending -- id: SLEM-05-654085 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "rmmod" command. - rules: [] - status: pending -- id: SLEM-05-654090 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "setfacl" command. - rules: [] - status: pending -- id: SLEM-05-654095 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "ssh-agent" command. - rules: [] - status: pending -- id: SLEM-05-654100 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "ssh-keysign" command. - rules: - - audit_rules_privileged_commands_ssh_keysign - status: automated -- id: SLEM-05-654105 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "su" command. - rules: [] - status: pending -- id: SLEM-05-654110 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "sudo" command. - rules: [] - status: pending -- id: SLEM-05-654115 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "sudoedit" command. - rules: - - audit_rules_privileged_commands_sudoedit - status: automated -- id: SLEM-05-654120 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "unix_chkpwd" or "unix2_chkpwd" - commands. - rules: - - audit_rules_privileged_commands_unix_chkpwd - status: automated -- id: SLEM-05-654125 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "usermod" command. - rules: [] - status: pending -- id: SLEM-05-654130 - levels: - - medium - title: SLEM 5 must generate audit records for all account creations, modifications, - disabling, and termination events that affect /etc/group. 
- rules: [] - status: pending -- id: SLEM-05-654135 - levels: - - medium - title: SLEM 5 must generate audit records for all account creations, modifications, - disabling, and termination events that affect /etc/security/opasswd. - rules: [] - status: pending -- id: SLEM-05-654140 - levels: - - medium - title: SLEM 5 must generate audit records for all account creations, modifications, - disabling, and termination events that affect /etc/passwd. - rules: - - audit_rules_usergroup_modification_passwd - status: automated -- id: SLEM-05-654145 - levels: - - medium - title: SLEM 5 must generate audit records for all account creations, modifications, - disabling, and termination events that affect /etc/shadow. - rules: [] - status: pending -- id: SLEM-05-654150 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chmod", "fchmod" - and "fchmodat" system calls. - rules: [] - status: pending -- id: SLEM-05-654155 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "chown", "fchown", - "fchownat", and "lchown" system calls. - rules: [] - status: pending -- id: SLEM-05-654160 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "creat", "open", "openat", - "open_by_handle_at", "truncate", and "ftruncate" system calls. - rules: [] - status: pending -- id: SLEM-05-654165 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "delete_module" system - call. - rules: [] - status: pending -- id: SLEM-05-654170 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "init_module" and - "finit_module" system calls. - rules: [] - status: pending -- id: SLEM-05-654175 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "mount" system call. 
- rules: [] - status: pending -- id: SLEM-05-654180 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr", - "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls. - rules: [] - status: pending -- id: SLEM-05-654185 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "umount" system call. - rules: [] - status: pending -- id: SLEM-05-654190 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of the "unlink", "unlinkat", - "rename", "renameat", and "rmdir" system calls. - rules: [] - status: pending -- id: SLEM-05-654195 - levels: - - medium - title: SLEM 5 must generate audit records for all uses of privileged functions. - rules: [] - status: pending -- id: SLEM-05-654200 - levels: - - medium - title: SLEM 5 must generate audit records for all modifications to the "lastlog" - file. - rules: [] - status: pending -- id: SLEM-05-654205 - levels: - - medium - title: SLEM 5 must generate audit records for all modifications to the "tallylog" - file must generate an audit record. - rules: [] - status: pending -- id: SLEM-05-654210 - levels: - - medium - title: SLEM 5 must audit all uses of the sudoers file and all files in the "/etc/sudoers.d/" - directory. - rules: [] - status: pending -- id: SLEM-05-654215 - levels: - - medium - title: Successful/unsuccessful uses of "setfiles" in SLEM 5 must generate an audit - record. - rules: - - audit_rules_execution_setfiles - status: automated -- id: SLEM-05-654220 - levels: - - medium - title: Successful/unsuccessful uses of "semanage" in SLEM 5 must generate an audit - record. - - package_policycoreutils-python-utils_installed - - audit_rules_execution_semanage - status: automated -- id: SLEM-05-654225 - levels: - - medium - title: Successful/unsuccessful uses of "setsebool" in SLEM 5 must generate an audit - record. 
- rules: - - audit_rules_execution_setsebool - status: automated -- id: SLEM-05-654230 - levels: - - medium - title: SLEM 5 must generate audit records for the "/run/utmp file". - rules: [] - status: pending -- id: SLEM-05-654235 - levels: - - medium - title: SLEM 5 must generate audit records for the "/var/log/btmp" file. - rules: [] - status: pending -- id: SLEM-05-654240 - levels: - - medium - title: SLEM 5 must generate audit records for the "/var/log/wtmp" file. - rules: [] - status: pending -- id: SLEM-05-654245 - levels: - - medium - title: SLEM 5 must not disable syscall auditing. - rules: [] - status: pending -- id: SLEM-05-671010 - levels: - - high - title: FIPS 140-2/140-3 mode must be enabled on SLEM 5. - rules: [] - status: pending + - id: SLEM-05-211010 + levels: + - high + title: SLEM 5 must be a vendor-supported release. + rules: + - installed_OS_is_vendor_supported + status: automated + + - id: SLEM-05-211015 + levels: + - medium + title: SLEM 5 must implement an endpoint security tool. + rules: [] + status: pending + + - id: SLEM-05-211020 + levels: + - medium + title: + SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner + before granting any local or remote connection to the system. + rules: + - sshd_enable_warning_banner + status: automated + + - id: SLEM-05-211025 + levels: + - high + title: SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence. + rules: [] + status: pending + + - id: SLEM-05-212010 + levels: + - high + title: + SLEM 5 with a basic input/output system (BIOS) must require authentication + upon booting into single-user and maintenance modes. + rules: [] + status: pending + + - id: SLEM-05-212015 + levels: + - high + title: + SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must + require authentication upon booting into single-user mode and maintenance. 
+ rules: [] + status: pending + + - id: SLEM-05-213010 + levels: + - medium + title: SLEM 5 must restrict access to the kernel message buffer. + rules: [] + status: pending + + - id: SLEM-05-213015 + levels: + - medium + title: SLEM 5 kernel core dumps must be disabled unless needed. + rules: [] + status: pending + + - id: SLEM-05-213020 + levels: + - medium + title: + Address space layout randomization (ASLR) must be implemented by SLEM 5 to + protect memory from unauthorized code execution. + rules: [] + status: pending + + - id: SLEM-05-213025 + levels: + - medium + title: + SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel + addresses. + rules: [] + status: pending + + - id: SLEM-05-214010 + levels: + - medium + title: + Vendor-packaged SLEM 5 security patches and updates must be installed and + up to date. + rules: [] + status: pending + + - id: SLEM-05-214015 + levels: + - high + title: The SLEM 5 tool zypper must have gpgcheck enabled. + rules: [] + status: pending + + - id: SLEM-05-214020 + levels: + - medium + title: + SLEM 5 must remove all outdated software components after updated versions + have been installed. + rules: [] + status: pending + + - id: SLEM-05-215010 + levels: + - medium + title: SLEM 5 must use vlock to allow for session locking. + rules: [] + status: pending + + - id: SLEM-05-215015 + levels: + - high + title: SLEM 5 must not have the telnet-server package installed. + rules: [] + status: pending + + - id: SLEM-05-231010 + levels: + - medium + title: + A separate file system must be used for SLEM 5 user home directories (such + as /home or an equivalent). + rules: [] + status: pending + + - id: SLEM-05-231015 + levels: + - medium + title: SLEM 5 must use a separate file system for /var. + rules: [] + status: pending + + - id: SLEM-05-231020 + levels: + - medium + title: SLEM 5 must use a separate file system for the system audit data path. 
+ rules: [] + status: pending + + - id: SLEM-05-231025 + levels: + - medium + title: + SLEM 5 file systems that are being imported via Network File System (NFS) + must be mounted to prevent files with the setuid and setgid bit set from being + executed. + rules: [] + status: pending + + - id: SLEM-05-231030 + levels: + - medium + title: + SLEM 5 file systems that are being imported via Network File System (NFS) + must be mounted to prevent binary files from being executed. + rules: [] + status: pending + + - id: SLEM-05-231035 + levels: + - medium + title: + SLEM 5 file systems that are used with removable media must be mounted to + prevent files with the setuid and setgid bit set from being executed. + rules: [] + status: pending + + - id: SLEM-05-231040 + levels: + - high + title: + All SLEM 5 persistent disk partitions must implement cryptographic mechanisms + to prevent unauthorized disclosure or modification of all information that requires + at-rest protection. + rules: [] + status: pending + + - id: SLEM-05-231045 + levels: + - medium + title: + SLEM 5 file systems that contain user home directories must be mounted to + prevent files with the setuid and setgid bit set from being executed. + rules: [] + status: pending + + - id: SLEM-05-231050 + levels: + - medium + title: SLEM 5 must disable the file system automounter unless required. + rules: [] + status: pending + + - id: SLEM-05-232010 + levels: + - medium + title: + SLEM 5 must have directories that contain system commands set to a mode of + 755 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232015 + levels: + - medium + title: SLEM 5 must have system commands set to a mode of 755 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232020 + levels: + - medium + title: SLEM 5 library directories must have mode 755 or less permissive. 
+ rules: [] + status: pending + + - id: SLEM-05-232025 + levels: + - medium + title: SLEM 5 library files must have mode 755 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232030 + levels: + - medium + title: + All SLEM 5 local interactive user home directories must have mode 750 or + less permissive. + rules: [] + status: pending + + - id: SLEM-05-232035 + levels: + - medium + title: All SLEM 5 local initialization files must have mode 740 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232040 + levels: + - medium + title: SLEM 5 SSH daemon public host key files must have mode 644 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232045 + levels: + - medium + title: SLEM 5 SSH daemon private host key files must have mode 640 or less permissive. + rules: [] + status: pending + + - id: SLEM-05-232050 + levels: + - medium + title: SLEM 5 library files must be owned by root. + rules: [] + status: pending + + - id: SLEM-05-232055 + levels: + - medium + title: SLEM 5 library files must be group-owned by root. + rules: [] + status: pending + + - id: SLEM-05-232060 + levels: + - medium + title: SLEM 5 library directories must be owned by root. + rules: [] + status: pending + + - id: SLEM-05-232065 + levels: + - medium + title: SLEM 5 library directories must be group-owned by root. + rules: [] + status: pending + + - id: SLEM-05-232070 + levels: + - medium + title: SLEM 5 must have system commands owned by root. + rules: [] + status: pending + + - id: SLEM-05-232075 + levels: + - medium + title: SLEM 5 must have system commands group-owned by root or a system account. + rules: [] + status: pending + + - id: SLEM-05-232080 + levels: + - medium + title: SLEM 5 must have directories that contain system commands owned by root. + rules: [] + status: pending + + - id: SLEM-05-232085 + levels: + - medium + title: + SLEM 5 must have directories that contain system commands group-owned by + root. 
+ rules: [] + status: pending + + - id: SLEM-05-232090 + levels: + - medium + title: All SLEM 5 files and directories must have a valid owner. + rules: [] + status: pending + + - id: SLEM-05-232095 + levels: + - medium + title: All SLEM 5 files and directories must have a valid group owner. + rules: [] + status: pending + + - id: SLEM-05-232100 + levels: + - medium + title: + All SLEM 5 local interactive user home directories must be group-owned by + the home directory owner's primary group. + rules: [] + status: pending + + - id: SLEM-05-232105 + levels: + - medium + title: + All SLEM 5 world-writable directories must be group-owned by root, sys, bin, + or an application group. + rules: [] + status: pending + + - id: SLEM-05-232110 + levels: + - medium + title: The sticky bit must be set on all SLEM 5 world-writable directories. + rules: [] + status: pending + + - id: SLEM-05-232115 + levels: + - medium + title: SLEM 5 must prevent unauthorized users from accessing system error messages. + rules: [] + status: pending + + - id: SLEM-05-232120 + levels: + - medium + title: + SLEM 5 must generate error messages that provide information necessary for + corrective actions without revealing information that could be exploited by adversaries. + rules: [] + status: pending + + - id: SLEM-05-251010 + levels: + - medium + title: + SLEM 5 must be configured to prohibit or restrict the use of functions, ports, + protocols, and/or services as defined in the Ports, Protocols, and Services Management + (PPSM) Category Assignments List (CAL) and vulnerability assessments. + rules: [] + status: pending + + - id: SLEM-05-252010 + levels: + - medium + title: + SLEM 5 clock must, for networked systems, be synchronized to an authoritative + DOD time source at least every 24 hours. + rules: [] + status: pending + + - id: SLEM-05-252015 + levels: + - medium + title: + SLEM 5 must not have network interfaces in promiscuous mode unless approved + and documented. 
+ rules: [] + status: pending + + - id: SLEM-05-253010 + levels: + - medium + title: + SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed + packets. + rules: [] + status: pending + + - id: SLEM-05-253015 + levels: + - medium + title: + SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed + packets by default. + rules: [] + status: pending + + - id: SLEM-05-253020 + levels: + - medium + title: + SLEM 5 must prevent Internet Protocol version 4 (IPv4) Internet Control Message + Protocol (ICMP) redirect messages from being accepted. + rules: [] + status: pending + + - id: SLEM-05-253025 + levels: + - medium + title: + SLEM 5 must not allow interfaces to accept Internet Protocol version 4 (IPv4) + Internet Control Message Protocol (ICMP) redirect messages by default. + rules: [] + status: pending + + - id: SLEM-05-253030 + levels: + - medium + title: + SLEM 5 must not send Internet Protocol version 4 (IPv4) Internet Control + Message Protocol (ICMP) redirects. + rules: [] + status: pending + + - id: SLEM-05-253035 + levels: + - medium + title: + SLEM 5 must not allow interfaces to send Internet Protocol version 4 (IPv4) + Internet Control Message Protocol (ICMP) redirect messages by default. + rules: [] + status: pending + + - id: SLEM-05-253040 + levels: + - medium + title: + SLEM 5 must not be performing Internet Protocol version 4 (IPv4) packet forwarding + unless the system is a router. + rules: [] + status: pending + + - id: SLEM-05-253045 + levels: + - medium + title: SLEM 5 must be configured to use TCP syncookies. + rules: [] + status: pending + + - id: SLEM-05-254010 + levels: + - medium + title: + SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed + packets. + rules: [] + status: pending + + - id: SLEM-05-254015 + levels: + - medium + title: + SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed + packets by default. 
+ rules: [] + status: pending + + - id: SLEM-05-254020 + levels: + - medium + title: + SLEM 5 must prevent Internet Protocol version 6 (IPv6) Internet Control Message + Protocol (ICMP) redirect messages from being accepted. + rules: [] + status: pending + + - id: SLEM-05-254025 + levels: + - medium + title: + SLEM 5 must not allow interfaces to accept Internet Protocol version 6 (IPv6) + Internet Control Message Protocol (ICMP) redirect messages by default. + rules: [] + status: pending + + - id: SLEM-05-254030 + levels: + - medium + title: + SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding + unless the system is a router. + rules: [] + status: pending + + - id: SLEM-05-254035 + levels: + - medium + title: + SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding + by default unless the system is a router. + rules: [] + status: pending + + - id: SLEM-05-255010 + levels: + - high + title: + SLEM 5 must have SSH installed to protect the confidentiality and integrity + of transmitted information. + rules: [] + status: pending + + - id: SLEM-05-255015 + levels: + - high + title: + SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted + information. + rules: [] + status: pending + + - id: SLEM-05-255020 + levels: + - medium + title: + SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner + before granting access via SSH. + rules: [] + status: pending + + - id: SLEM-05-255025 + levels: + - high + title: SLEM 5 must not allow unattended or automatic logon via SSH. + rules: + - sshd_disable_empty_passwords + - sshd_do_not_permit_user_env + status: automated + + - id: SLEM-05-255030 + levels: + - medium + title: + SLEM 5 must be configured so that all network connections associated with + SSH traffic terminate after becoming unresponsive. 
+ rules: [] + status: pending + + - id: SLEM-05-255035 + levels: + - medium + title: + SLEM 5 must be configured so that all network connections associated with + SSH traffic are terminated after 10 minutes of becoming unresponsive. + rules: [] + status: pending + + - id: SLEM-05-255040 + levels: + - medium + title: + SLEM 5 SSH daemon must disable forwarded remote X connections for interactive + users, unless to fulfill documented and validated mission requirements. + rules: + - sshd_disable_x11_forwarding + status: automated + + - id: SLEM-05-255045 + levels: + - high + title: + SLEM 5 must implement DOD-approved encryption to protect the confidentiality + of SSH remote connections. + rules: [] + status: pending + + - id: SLEM-05-255050 + levels: + - high + title: + SLEM 5 SSH daemon must be configured to only use Message Authentication Codes + (MACs) employing FIPS 140-2/140-3 approved cryptographic hash algorithms. + rules: [] + status: pending + + - id: SLEM-05-255055 + levels: + - high + title: + SLEM 5 SSH server must be configured to use only FIPS 140-2/140-3 validated + key exchange algorithms. + rules: [] + status: pending + + - id: SLEM-05-255060 + levels: + - medium + title: + SLEM 5 must deny direct logons to the root account using remote access via + SSH. + rules: + - sshd_disable_root_login + status: automated + + - id: SLEM-05-255065 + levels: + - medium + title: SLEM 5 must log SSH connection attempts and failures to the server. + rules: + - sshd_set_loglevel_verbose + status: automated + + - id: SLEM-05-255070 + levels: + - medium + title: + SLEM 5 must display the date and time of the last successful account logon + upon an SSH logon. + rules: + - sshd_print_last_log + status: automated + + - id: SLEM-05-255075 + levels: + - medium + title: + SLEM 5 SSH daemon must be configured to not allow authentication using known + hosts authentication. 
+ rules: + - sshd_disable_user_known_hosts + status: automated + + - id: SLEM-05-255080 + levels: + - medium + title: + SLEM 5 SSH daemon must perform strict mode checking of home directory configuration + files. + rules: + - sshd_enable_strictmodes + status: automated + + - id: SLEM-05-255085 + levels: + - medium + title: + SLEM 5, for PKI-based authentication, must enforce authorized access to the + corresponding private key. + rules: [] + status: pending + + - id: SLEM-05-255090 + levels: + - high + title: There must be no .shosts files on SLEM 5. + rules: [] + status: pending + + - id: SLEM-05-255095 + levels: + - high + title: There must be no shosts.equiv files on SLEM 5. + rules: [] + status: pending + + - id: SLEM-05-272010 + levels: + - high + title: + SLEM 5 must not allow unattended or automatic logon via the graphical user + interface (GUI). + rules: [] + status: pending + + - id: SLEM-05-291010 + levels: + - medium + title: SLEM 5 wireless network adapters must be disabled unless approved and documented. + rules: [] + status: pending + + - id: SLEM-05-291015 + levels: + - medium + title: SLEM 5 must disable the USB mass storage kernel module. + rules: [] + status: pending + + - id: SLEM-05-411010 + levels: + - medium + title: + All SLEM 5 local interactive user accounts, upon creation, must be assigned + a home directory. + rules: [] + status: pending + + - id: SLEM-05-411015 + levels: + - medium + title: + SLEM 5 default permissions must be defined in such a way that all authenticated + users can only read and modify their own files. + rules: [] + status: pending + + - id: SLEM-05-411020 + levels: + - medium + title: + SLEM 5 shadow password suite must be configured to enforce a delay of at + least five seconds between logon prompts following a failed logon attempt. 
+ rules: + - accounts_logon_fail_delay + - var_accounts_fail_delay=5 + status: automated + + - id: SLEM-05-411025 + levels: + - medium + title: + All SLEM 5 local interactive users must have a home directory assigned in + the /etc/passwd file. + rules: [] + status: pending + + - id: SLEM-05-411030 + levels: + - medium + title: + All SLEM 5 local interactive user home directories defined in the /etc/passwd + file must exist. + rules: [] + status: pending + + - id: SLEM-05-411035 + levels: + - medium + title: + All SLEM 5 local interactive user initialization files executable search + paths must contain only paths that resolve to the users' home directory. + rules: [] + status: pending + + - id: SLEM-05-411040 + levels: + - medium + title: All SLEM 5 local initialization files must not execute world-writable programs. + rules: [] + status: pending + + - id: SLEM-05-411045 + levels: + - medium + title: SLEM 5 must automatically expire temporary accounts within 72 hours. + rules: [] + status: pending + + - id: SLEM-05-411050 + levels: + - medium + title: + SLEM 5 must never automatically remove or disable emergency administrator + accounts. + rules: [] + status: pending + + - id: SLEM-05-411055 + levels: + - medium + title: SLEM 5 must not have unnecessary accounts. + rules: [] + status: pending + + - id: SLEM-05-411060 + levels: + - medium + title: SLEM 5 must not have unnecessary account capabilities. + rules: [] + status: pending + + - id: SLEM-05-411065 + levels: + - high + title: + SLEM 5 root account must be the only account with unrestricted access to + the system. + rules: [] + status: pending + + - id: SLEM-05-411070 + levels: + - medium + title: + SLEM 5 must disable account identifiers (individuals, groups, roles, and + devices) after 35 days of inactivity after password expiration. + rules: [] + status: pending + + - id: SLEM-05-411075 + levels: + - medium + title: SLEM 5 must not have duplicate User IDs (UIDs) for interactive users. 
+ rules: [] + status: pending + + - id: SLEM-05-412010 + levels: + - medium + title: + SLEM 5 must display the date and time of the last successful account logon + upon logon. + rules: [] + status: pending + + - id: SLEM-05-412015 + levels: + - medium + title: SLEM 5 must initiate a session lock after a 15-minute period of inactivity. + rules: [] + status: pending + + - id: SLEM-05-412020 + levels: + - medium + title: SLEM 5 must lock an account after three consecutive invalid access attempts. + rules: [] + status: pending + + - id: SLEM-05-412025 + levels: + - medium + title: + SLEM 5 must enforce a delay of at least five seconds between logon prompts + following a failed logon attempt via pluggable authentication modules (PAM). + rules: + - accounts_passwords_pam_faildelay_delay + - var_password_pam_delay=4000000 + status: automated + + - id: SLEM-05-412030 + levels: + - medium + title: SLEM 5 must use the default pam_tally2 tally directory. + rules: + - accounts_passwords_pam_tally2_file + - accounts_passwords_pam_tally2_file_selinux + status: automated + + - id: SLEM-05-412035 + levels: + - low + title: + SLEM 5 must limit the number of concurrent sessions to 10 for all accounts + and/or account types. + rules: [] + status: pending + + - id: SLEM-05-431010 + levels: + - low + title: SLEM 5 must have policycoreutils package installed. + rules: + - package_policycoreutils_installed + status: automated + + - id: SLEM-05-431015 + levels: + - high + title: + SLEM 5 must use a Linux Security Module configured to enforce limits on system + services. + rules: + - selinux_state + - var_selinux_state=enforcing + status: automated + + - id: SLEM-05-431020 + levels: + - medium + title: SLEM 5 must enable the SELinux targeted policy. 
+ rules: + - selinux_policytype + - var_selinux_policy_name=targeted + status: automated + + - id: SLEM-05-431025 + levels: + - medium + title: + SLEM 5 must prevent nonprivileged users from executing privileged functions, + including disabling, circumventing, or altering implemented security safeguards/countermeasures. + rules: [] + status: pending + + - id: SLEM-05-432010 + levels: + - medium + title: + SLEM 5 must use the invoking user's password for privilege escalation when + using "sudo". + rules: [] + status: pending + + - id: SLEM-05-432015 + levels: + - medium + title: + SLEM 5 must reauthenticate users when changing authenticators, roles, or + escalating privileges. + rules: [] + status: pending + + - id: SLEM-05-432020 + levels: + - medium + title: SLEM 5 must require reauthentication when using the "sudo" command. + rules: [] + status: pending + + - id: SLEM-05-432025 + levels: + - medium + title: SLEM 5 must restrict privilege elevation to authorized personnel. + rules: [] + status: pending + + - id: SLEM-05-432030 + levels: + - medium + title: + SLEM 5 must specify the default "include" directory for the /etc/sudoers + file. + rules: [] + status: pending + + - id: SLEM-05-611010 + levels: + - medium + title: SLEM 5 must enforce passwords that contain at least one uppercase character. + rules: [] + status: pending + + - id: SLEM-05-611015 + levels: + - medium + title: SLEM 5 must enforce passwords that contain at least one lowercase character. + rules: [] + status: pending + + - id: SLEM-05-611020 + levels: + - medium + title: SLEM 5 must enforce passwords that contain at least one numeric character. + rules: [] + status: pending + + - id: SLEM-05-611025 + levels: + - medium + title: SLEM 5 must enforce passwords that contain at least one special character. + rules: [] + status: pending + + - id: SLEM-05-611030 + levels: + - medium + title: SLEM 5 must prevent the use of dictionary words for passwords. 
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611035
+ levels:
+ - medium
+ title: SLEM 5 must employ passwords with a minimum of 15 characters.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611040
+ levels:
+ - medium
+ title:
+ SLEM 5 must require the change of at least eight of the total number of characters
+ when passwords are changed.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611045
+ levels:
+ - medium
+ title: SLEM 5 must not allow passwords to be reused for a minimum of five generations.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611050
+ levels:
+ - medium
+ title:
+ SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to
+ only store encrypted representations of passwords.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611055
+ levels:
+ - high
+ title: SLEM 5 must not be configured to allow blank or null passwords.
+ rules:
+ - sshd_disable_empty_passwords
+ status: automated
+
+ - id: SLEM-05-611060
+ levels:
+ - high
+ title: SLEM 5 must not have accounts configured with blank or null passwords.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611065
+ levels:
+ - medium
+ title:
+ SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one
+ day).
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611070
+ levels:
+ - medium
+ title: SLEM 5 must employ user passwords with a maximum lifetime of 60 days.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611075
+ levels:
+ - medium
+ title: SLEM 5 must employ a password history file.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611080
+ levels:
+ - high
+ title:
+ SLEM 5 must employ FIPS 140-2/140-3-approved cryptographic hashing algorithms
+ for system authentication.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611085
+ levels:
+ - high
+ title:
+ SLEM 5 shadow password suite must be configured to use a sufficient number
+ of hashing rounds.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611090
+ levels:
+ - medium
+ title:
+ SLEM 5 must employ FIPS 140-2/140-3 approved cryptographic hashing algorithm
+ for system authentication (login.defs).
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611095
+ levels:
+ - medium
+ title:
+ SLEM 5 must be configured to create or update passwords with a minimum lifetime
+ of 24 hours (one day).
+ rules: []
+ status: pending
+
+ - id: SLEM-05-611100
+ levels:
+ - medium
+ title:
+ SLEM 5 must be configured to create or update passwords with a maximum lifetime
+ of 60 days.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-612010
+ levels:
+ - medium
+ title:
+ SLEM 5 must have the packages required for multifactor authentication to
+ be installed.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-612015
+ levels:
+ - medium
+ title:
+ SLEM 5 must implement multifactor authentication for access to privileged
+ accounts via pluggable authentication modules (PAM).
+ rules: []
+ status: pending
+
+ - id: SLEM-05-612020
+ levels:
+ - medium
+ title: SLEM 5 must implement certificate status checking for multifactor authentication.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-631010
+ levels:
+ - medium
+ title:
+ If Network Security Services (NSS) is being used by SLEM 5 it must prohibit
+ the use of cached authentications after one day.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-631015
+ levels:
+ - medium
+ title:
+ SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to
+ prohibit the use of cached offline authentications after one day.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-631020
+ levels:
+ - medium
+ title:
+ SLEM 5, for PKI-based authentication, must validate certificates by constructing
+ a certification path (which includes status information) to an accepted trust
+ anchor.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-631025
+ levels:
+ - medium
+ title:
+ SLEM 5 must be configured to not overwrite Pluggable Authentication Modules
+ (PAM) configuration on package changes.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651010
+ levels:
+ - medium
+ title:
+ SLEM 5 must use a file integrity tool to verify correct operation of all
+ security functions.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651015
+ levels:
+ - medium
+ title:
+ SLEM 5 file integrity tool must be configured to verify Access Control Lists
+ (ACLs).
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651020
+ levels:
+ - medium
+ title: SLEM 5 file integrity tool must be configured to verify extended attributes.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651025
+ levels:
+ - medium
+ title:
+ SLEM 5 file integrity tool must be configured to protect the integrity of
+ the audit tools.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651030
+ levels:
+ - medium
+ title:
+ Advanced Intrusion Detection Environment (AIDE) must verify the baseline
+ SLEM 5 configuration at least weekly.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-651035
+ levels:
+ - medium
+ title:
+ SLEM 5 must notify the system administrator (SA) when Advanced Intrusion
+ Detection Environment (AIDE) discovers anomalies in the operation of any security
+ functions.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-652010
+ levels:
+ - medium
+ title:
+ SLEM 5 must offload rsyslog messages for networked systems in real time and
+ offload standalone systems at least weekly.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653010
+ levels:
+ - medium
+ title: SLEM 5 must have the auditing package installed.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653015
+ levels:
+ - medium
+ title:
+ SLEM 5 audit records must contain information to establish what type of events
+ occurred, the source of events, where events occurred, and the outcome of events.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653020
+ levels:
+ - medium
+ title: The audit-audispd-plugins package must be installed on SLEM 5.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653025
+ levels:
+ - medium
+ title:
+ SLEM 5 must allocate audit record storage capacity to store at least one
+ week of audit records when audit records are not immediately sent to a central
+ audit record storage facility.
+ rules:
+ - package_audit-audispd-plugins_installed
+ status: automated
+
+ - id: SLEM-05-653030
+ levels:
+ - medium
+ title:
+ SLEM 5 auditd service must notify the system administrator (SA) and information
+ system security officer (ISSO) immediately when audit storage capacity is 75 percent
+ full.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653035
+ levels:
+ - medium
+ title:
+ SLEM 5 audit system must take appropriate action when the audit storage volume
+ is full.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653040
+ levels:
+ - medium
+ title:
+ SLEM 5 must offload audit records onto a different system or media from the
+ system being audited.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653045
+ levels:
+ - medium
+ title: Audispd must take appropriate action when SLEM 5 audit storage is full.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653050
+ levels:
+ - medium
+ title: SLEM 5 must protect audit rules from unauthorized modification.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653055
+ levels:
+ - medium
+ title:
+ SLEM 5 audit tools must have the proper permissions configured to protect
+ against unauthorized access.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653060
+ levels:
+ - medium
+ title:
+ SLEM 5 audit tools must have the proper permissions applied to protect against
+ unauthorized access.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653065
+ levels:
+ - low
+ title: SLEM 5 audit event multiplexor must be configured to use Kerberos.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653070
+ levels:
+ - medium
+ title:
+ Audispd must offload audit records onto a different system or media from
+ SLEM 5 being audited.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653075
+ levels:
+ - medium
+ title:
+ The information system security officer (ISSO) and system administrator (SA),
+ at a minimum, must have mail aliases to be notified of a SLEM 5 audit processing
+ failure.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-653080
+ levels:
+ - medium
+ title:
+ The information system security officer (ISSO) and system administrator (SA),
+ at a minimum, must be alerted of a SLEM 5 audit processing failure event.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654010
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "chacl" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654015
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "chage" command.
+ rules:
+ - audit_rules_privileged_commands_chage
+ status: automated
+
+ - id: SLEM-05-654020
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "chcon" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654025
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "chfn" command.
+ rules:
+ - audit_rules_privileged_commands_chfn
+ status: automated
+
+ - id: SLEM-05-654030
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "chmod" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654035
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for a uses of the "chsh" command.
+ rules:
+ - audit_rules_privileged_commands_chsh
+ status: automated
+
+ - id: SLEM-05-654040
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "crontab" command.
+ rules:
+ - audit_rules_privileged_commands_crontab
+ status: automated
+
+ - id: SLEM-05-654045
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "gpasswd" command.
+ rules:
+ - audit_rules_privileged_commands_gpasswd
+ status: automated
+
+ - id: SLEM-05-654050
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "insmod" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654055
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "kmod" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654060
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "modprobe" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654065
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "newgrp" command.
+ rules:
+ - audit_rules_privileged_commands_newgrp
+ status: automated
+
+ - id: SLEM-05-654070
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "pam_timestamp_check"
+ command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654075
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "passwd" command.
+ rules:
+ - audit_rules_privileged_commands_passwd
+ status: automated
+
+ - id: SLEM-05-654080
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "rm" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654085
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "rmmod" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654090
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "setfacl" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654095
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "ssh-agent" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654100
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "ssh-keysign" command.
+ rules:
+ - audit_rules_privileged_commands_ssh_keysign
+ status: automated
+
+ - id: SLEM-05-654105
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "su" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654110
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "sudo" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654115
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "sudoedit" command.
+ rules:
+ - audit_rules_privileged_commands_sudoedit
+ status: automated
+
+ - id: SLEM-05-654120
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "unix_chkpwd" or "unix2_chkpwd"
+ commands.
+ rules:
+ - audit_rules_privileged_commands_unix_chkpwd
+ status: automated
+
+ - id: SLEM-05-654125
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "usermod" command.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654130
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all account creations, modifications,
+ disabling, and termination events that affect /etc/group.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654135
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all account creations, modifications,
+ disabling, and termination events that affect /etc/security/opasswd.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654140
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all account creations, modifications,
+ disabling, and termination events that affect /etc/passwd.
+ rules:
+ - audit_rules_usergroup_modification_passwd
+ status: automated
+
+ - id: SLEM-05-654145
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all account creations, modifications,
+ disabling, and termination events that affect /etc/shadow.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654150
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "chmod", "fchmod"
+ and "fchmodat" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654155
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "chown", "fchown",
+ "fchownat", and "lchown" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654160
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "creat", "open", "openat",
+ "open_by_handle_at", "truncate", and "ftruncate" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654165
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "delete_module" system
+ call.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654170
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "init_module" and
+ "finit_module" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654175
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "mount" system call.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654180
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr",
+ "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654185
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of the "umount" system call.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654190
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all uses of the "unlink", "unlinkat",
+ "rename", "renameat", and "rmdir" system calls.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654195
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for all uses of privileged functions.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654200
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all modifications to the "lastlog"
+ file.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654205
+ levels:
+ - medium
+ title:
+ SLEM 5 must generate audit records for all modifications to the "tallylog"
+ file must generate an audit record.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654210
+ levels:
+ - medium
+ title:
+ SLEM 5 must audit all uses of the sudoers file and all files in the "/etc/sudoers.d/"
+ directory.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654215
+ levels:
+ - medium
+ title:
+ Successful/unsuccessful uses of "setfiles" in SLEM 5 must generate an audit
+ record.
+ rules:
+ - audit_rules_execution_setfiles
+ status: automated
+
+ - id: SLEM-05-654220
+ levels:
+ - medium
+ title:
+ Successful/unsuccessful uses of "semanage" in SLEM 5 must generate an audit
+ record.
+ rules:
+ - package_policycoreutils-python-utils_installed
+ - audit_rules_execution_semanage
+ status: automated
+
+ - id: SLEM-05-654225
+ levels:
+ - medium
+ title:
+ Successful/unsuccessful uses of "setsebool" in SLEM 5 must generate an audit
+ record.
+ rules:
+ - audit_rules_execution_setsebool
+ status: automated
+
+ - id: SLEM-05-654230
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for the "/run/utmp file".
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654235
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for the "/var/log/btmp" file.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654240
+ levels:
+ - medium
+ title: SLEM 5 must generate audit records for the "/var/log/wtmp" file.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-654245
+ levels:
+ - medium
+ title: SLEM 5 must not disable syscall auditing.
+ rules: []
+ status: pending
+
+ - id: SLEM-05-671010
+ levels:
+ - high
+ title: FIPS 140-2/140-3 mode must be enabled on SLEM 5.
+ rules: []
+ status: pending
From 0ba9194951825aef47d7c457df985dd27010a9f6 Mon Sep 17 00:00:00 2001
From: svet-se
Date: Wed, 24 Jul 2024 16:43:48 +0300
Subject: [PATCH 03/18] Update rule audit_rules_privileged_commands_ssh_agent to support slmicro5
---
 controls/stig_slmicro5.yml | 3 ++-
 .../audit_rules_privileged_commands_ssh_agent/rule.yml | 2 ++
 shared/references/cce-slmicro5-avail.txt | 1 -
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 5ca4744b924..0733c1c2d0b 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1501,7 +1501,8 @@ controls:
 levels:
 - medium
 title: SLEM 5 must generate audit records for all uses of the "ssh-agent" command.
- rules: []
+ rules:
+ - audit_rules_privileged_commands_ssh_agent
 status: pending

 - id: SLEM-05-654100
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index c45d4f8f875..7f9462dbf9f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -32,6 +32,7 @@ identifiers:
 cce@rhel10: CCE-90081-1
 cce@sle12: CCE-83199-0
 cce@sle15: CCE-85590-8
+ cce@slmicro5: CCE-93611-2

 references:
 cis@ubuntu2004: 4.1.11
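Review bot: The control now points at audit_rules_privileged_commands_ssh_agent, but per this patch's diffstat only the rule's rule.yml and the CCE list change, whereas the insmod, rmmod and modprobe patches in this series also add multi_platform_slmicro to the rule's bash and ansible `# platform` lines. If the ssh-agent remediation snippets carry such a platform list, SLEM 5 gets a check but no fix, so confirm that before the control is marked automated; the kmod hunk in patch 07 has the same three-file shape. Two other entries of this controls file, as laid out by the preceding patch, deserve a look in the same pass: SLEM-05-653025 (audit record storage capacity) lists `package_audit-audispd-plugins_installed` while SLEM-05-653020, the audit-audispd-plugins package control, keeps `rules: []`, which reads as though the rule landed one control too low. Likewise SLEM-05-412025 titles a delay of at least five seconds but sets `var_password_pam_delay=4000000`, i.e. four seconds in pam_faildelay's microsecond unit, so the value should be checked against the STIG check text.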
@@ -43,6 +44,7 @@ references:
 stigid@rhel8: RHEL-08-030280
 stigid@sle12: SLES-12-020310
 stigid@sle15: SLES-15-030370
+ stigid@slmicro5: SLEM-05-654095
 stigid@ubuntu2004: UBTU-20-010140
 stigid@ubuntu2204: UBTU-22-654090
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 69401ba14a8..b6c44b919b0 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -1,4 +1,3 @@
-CCE-93611-2
 CCE-93612-0
 CCE-93613-8
 CCE-93614-6
From c597721412571a165167fde475144d3dd223aef6 Mon Sep 17 00:00:00 2001
From: svet-se
Date: Wed, 24 Jul 2024 16:52:32 +0300
Subject: [PATCH 04/18] Update rule audit_rules_privileged_commands_insmod to support slmicro5
---
 controls/stig_slmicro5.yml | 7 ++++---
 .../ansible/shared.yml | 2 +-
 .../audit_rules_privileged_commands_insmod/bash/shared.sh | 2 +-
 .../audit_rules_privileged_commands_insmod/rule.yml | 2 ++
 shared/references/cce-slmicro5-avail.txt | 1 -
 5 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 0733c1c2d0b..665d226ff3e 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1434,8 +1434,9 @@ controls:
 levels:
 - medium
 title: SLEM 5 must generate audit records for all uses of the "insmod" command.
- rules: []
- status: pending
+ rules:
+ - audit_rules_privileged_commands_insmod
+ status: automated

 - id: SLEM-05-654055
 levels:
@@ -1503,7 +1504,7 @@ controls:
 title: SLEM 5 must generate audit records for all uses of the "ssh-agent" command.
 rules:
 - audit_rules_privileged_commands_ssh_agent
- status: pending
+ status: automated

 - id: SLEM-05-654100
 levels:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
index 5baa999e723..6c114c13c01 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
index d9f12fbe2d7..f4fff81811d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}}
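Review bot: The remediation keeps the literal path `/sbin/insmod` in the bash_fix_audit_watch_rule call while the platform line is extended to multi_platform_slmicro; on an image where /sbin is merged into /usr/sbin, or where insmod is itself a symlink to kmod, an audit watch on that literal path may not match the path recorded at exec time. Verify on a SLEM 5 system that the rule this produces actually yields records, and that the OVAL check for this rule expects the same path the remediation writes, since a check/fix path mismatch would leave the control reporting non-compliant after remediation. The rmmod (patch 05) and modprobe (patch 06) bash hunks watch `/sbin/rmmod` and `/sbin/modprobe` in the same way and carry the same caveat. The 'augenrules' half named in the comment is outside this hunk.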
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
index f1da2c3427b..52292a14ccf 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml
@@ -29,6 +29,7 @@ identifiers:
 cce@rhel8: CCE-85919-9
 cce@sle12: CCE-92258-3
 cce@sle15: CCE-85744-1
+ cce@slmicro5: CCE-93612-0

 references:
 cis@sle12: 4.1.16
@@ -39,6 +40,7 @@ references:
 nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
 stigid@sle15: SLES-15-030380
+ stigid@slmicro5: SLEM-05-654050

 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index b6c44b919b0..c37210c2ec8 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -1,4 +1,3 @@
-CCE-93612-0
 CCE-93613-8
 CCE-93614-6
 CCE-93615-3
From 7e50d4813a679ba21d8bb86fd736a2867d881cd1 Mon Sep 17 00:00:00 2001
From: svet-se
Date: Wed, 24 Jul 2024 17:02:26 +0300
Subject: [PATCH 05/18] Update rule audit_rules_privileged_commands_rmmod to support slmicro5
---
 controls/stig_slmicro5.yml | 5 +++--
 .../audit_rules_privileged_commands_rmmod/ansible/shared.yml | 2 +-
 .../audit_rules_privileged_commands_rmmod/bash/shared.sh | 2 +-
 .../audit_rules_privileged_commands_rmmod/rule.yml | 2 ++
 shared/references/cce-slmicro5-avail.txt | 1 -
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 665d226ff3e..a2d790fb401 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1488,8 +1488,9 @@ controls:
 levels:
 - medium
 title: SLEM 5 must generate audit records for all uses of the "rmmod" command.
- rules: []
- status: pending
+ rules:
+ - audit_rules_privileged_commands_rmmod
+ status: automated

 - id: SLEM-05-654090
 levels:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
index f3c3324e2e1..7e18fe43523 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
index afade41bccb..09092394af6 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
index f1224cdec0b..1171e93eb62 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml
@@ -30,6 +30,7 @@ identifiers:
 cce@rhel10: CCE-88804-0
 cce@sle12: CCE-92256-7
 cce@sle15: CCE-85732-6
+ cce@slmicro5: CCE-93613-8

 references:
 cis@sle12: 4.1.16
@@ -40,6 +41,7 @@ references:
 nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
 stigid@sle15: SLES-15-030390
+ stigid@slmicro5: SLEM-05-654085

 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index c37210c2ec8..f6abd81b223 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -1,4 +1,3 @@
-CCE-93613-8
 CCE-93614-6
 CCE-93615-3
 CCE-93616-1
From e1b235298a440c802575e162e7d971b6a307173a Mon Sep 17 00:00:00 2001
From: svet-se
Date: Thu, 25 Jul 2024 10:11:43 +0300
Subject: [PATCH 06/18] Update rule audit_rules_privileged_commands_modprobe to support slmicro5
---
 controls/stig_slmicro5.yml | 5 +++--
 .../ansible/shared.yml | 2 +-
 .../audit_rules_privileged_commands_modprobe/bash/shared.sh | 2 +-
 .../audit_rules_privileged_commands_modprobe/rule.yml | 2 ++
 shared/references/cce-slmicro5-avail.txt | 1 -
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index a2d790fb401..ecdedf52c36 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1449,8 +1449,9 @@ controls:
 levels:
 - medium
 title: SLEM 5 must generate audit records for all uses of the "modprobe" command.
- rules: []
- status: pending
+ rules:
+ - audit_rules_privileged_commands_modprobe
+ status: automated

 - id: SLEM-05-654065
 levels:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
index 8f61ee32a14..44feb6dc464 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
index 59dbba17482..dbcfa07a646 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
index edfa5518e34..2dbfeaee43f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml
@@ -34,6 +34,7 @@ identifiers:
 cce@rhel10: CCE-89893-2
 cce@sle12: CCE-92257-5
 cce@sle15: CCE-85731-8
+ cce@slmicro5: CCE-93614-6

 references:
 cis@sle12: 4.1.16
@@ -44,6 +45,7 @@ references:
 nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a)
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
 stigid@sle15: SLES-15-030400
+ stigid@slmicro5: SLEM-05-654060
 stigid@ubuntu2004: UBTU-20-010296
 stigid@ubuntu2204: UBTU-22-654060
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index f6abd81b223..b5db2801fe7 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -1,4 +1,3 @@ -CCE-93614-6 CCE-93615-3 CCE-93616-1 CCE-93617-9 From 61816ce9e728536c015a61c8b4c445f0f09393c9 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:16:33 +0300 Subject: [PATCH 07/18] Update rule audit_rules_privileged_commands_kmod to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_privileged_commands_kmod/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index ecdedf52c36..d86cd14a76e 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1442,8 +1442,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "kmod" command. - rules: [] - status: pending + rules: + - audit_rules_privileged_commands_kmod + status: automated - id: SLEM-05-654060 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml index dfddafcb9dd..6d1017a9b2d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml @@ -38,6 +38,7 @@ identifiers: cce@rhel10: CCE-86727-5 cce@sle12: CCE-83207-1 cce@sle15: CCE-85591-6 + cce@slmicro5: CCE-93615-3 references: disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884 @@ -48,6 +49,7 @@ references: stigid@rhel8: RHEL-08-030580 stigid@sle12: SLES-12-020360 stigid@sle15: SLES-15-030410 + stigid@slmicro5: SLEM-05-654055 stigid@ubuntu2004: UBTU-20-010297 stigid@ubuntu2204: UBTU-22-654055 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index b5db2801fe7..87cf14bf3f8 100644 
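Review bot: Unlike the modprobe patch before it, this rule — and chmod, setfacl, chacl, chcon, rm, usermod, pam_timestamp_check, su and sudo in the patches that follow — receives only identifiers and references in rule.yml, with no `# platform =` line touched in any bash or ansible remediation. If any of those remediations restrict applicability the way modprobe's did, the control is flipped to `status: automated` in controls/stig_slmicro5.yml while the built datastream has a check but no fix for the product; the hunks do not show the remediation files, so this needs confirming rather than assuming. A sentence in the commit message stating that these remediations are already platform-agnostic would make that intent visible to the next reader.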
--- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93615-3 CCE-93616-1 CCE-93617-9 CCE-93618-7 From 1737aa985e2634d29adff146c20c7aded92a9ea2 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:19:29 +0300 Subject: [PATCH 08/18] Update rule audit_rules_execution_chmod to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_execution_chmod/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index d86cd14a76e..ada6cf92ddd 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1403,8 +1403,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "chmod" command. - rules: [] - status: pending + rules: + - audit_rules_execution_chmod + status: automated - id: SLEM-05-654035 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml index 8d957021c3a..650553f6cb9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml @@ -29,6 +29,7 @@ severity: medium identifiers: cce@sle12: CCE-83214-7 cce@sle15: CCE-85593-2 + cce@slmicro5: CCE-93616-1 references: disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 
@@ -36,6 +37,7 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle12: SLES-12-020600 stigid@sle15: SLES-15-030420 + stigid@slmicro5: SLEM-05-654030 ocil: |- To verify that execution of the command is being audited, run the following command: diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 87cf14bf3f8..2026618dd48 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93616-1 CCE-93617-9 CCE-93618-7 CCE-93619-5 From 94208ecb322ba4262759e56cebe8f7ba78a1dd25 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:25:20 +0300 Subject: [PATCH 09/18] Update rule audit_rules_execution_setfacl to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_execution_setfacl/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index ada6cf92ddd..c06ddb965c3 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1499,8 +1499,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "setfacl" command. - rules: [] - status: pending + rules: + - audit_rules_execution_setfacl + status: automated - id: SLEM-05-654095 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml index fc26aa00182..71664ded787 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml 
@@ -30,6 +30,7 @@ identifiers: cce@rhel10: CCE-87662-3 cce@sle12: CCE-83189-1 cce@sle15: CCE-85594-0 + cce@slmicro5: CCE-93617-9 references: cis@ubuntu2204: 4.1.3.16 @@ -40,6 +41,7 @@ references: stigid@rhel8: RHEL-08-030330 stigid@sle12: SLES-12-020610 stigid@sle15: SLES-15-030430 + stigid@slmicro5: SLEM-05-654090 stigid@ubuntu2004: UBTU-20-010167 stigid@ubuntu2204: UBTU-22-654085 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 2026618dd48..2cf66ca31d7 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93617-9 CCE-93618-7 CCE-93619-5 CCE-93620-3 From 00e4beebb167c4c3c18d41a33d6609591d38c75c Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:27:49 +0300 Subject: [PATCH 10/18] Update rule audit_rules_execution_chacl to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_execution_chacl/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index c06ddb965c3..bc06e155e5a 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1373,8 +1373,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "chacl" command. - rules: [] - status: pending + rules: + - audit_rules_execution_chacl + status: automated - id: SLEM-05-654015 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml index 3d2b1fef656..cd4eb5ecce1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml 
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml @@ -31,6 +31,7 @@ identifiers: cce@rhel10: CCE-88467-6 cce@sle12: CCE-83190-9 cce@sle15: CCE-85595-7 + cce@slmicro5: CCE-93618-7 references: cis@ubuntu2204: 4.1.3.17 @@ -41,6 +42,7 @@ references: stigid@rhel8: RHEL-08-030570 stigid@sle12: SLES-12-020620 stigid@sle15: SLES-15-030440 + stigid@slmicro5: SLEM-05-654010 stigid@ubuntu2004: UBTU-20-010168 stigid@ubuntu2204: UBTU-22-654015 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 2cf66ca31d7..ece52f277b4 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93618-7 CCE-93619-5 CCE-93620-3 CCE-93621-1 From edcd5f2008f04b57e339d7a0bbe91a7cf5b0c9e2 Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:30:41 +0300 Subject: [PATCH 11/18] Update rule audit_rules_execution_chcon to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_execution_chcon/rule.yml | 4 +++- shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bc06e155e5a..e56aea28d17 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1389,8 +1389,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "chcon" command. - rules: [] - status: pending + rules: + - audit_rules_execution_chcon + status: automated - id: SLEM-05-654025 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml index a394b83d5ad..93c7c66aba7 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -40,6 +40,7 @@ identifiers: cce@rhel10: CCE-87762-1 cce@sle12: CCE-83215-4 cce@sle15: CCE-85716-9 + cce@slmicro5: CCE-93619-5 references: cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9 @@ -62,6 +63,7 @@ references: stigid@rhel8: RHEL-08-030260 stigid@sle12: SLES-12-020630 stigid@sle15: SLES-15-030450 + stigid@slmicro5: SLEM-05-654020 stigid@ubuntu2004: UBTU-20-010165 stigid@ubuntu2204: UBTU-22-654025 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index ece52f277b4..702873b5de6 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93619-5 CCE-93620-3 CCE-93621-1 CCE-93622-9 From 786f21d950ffbe22fc23e0aa4981d7fbe6893bbc Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:38:26 +0300 Subject: [PATCH 12/18] Update rule audit_rules_execution_rm to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_execution_rm/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index e56aea28d17..427a9fefea2 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml 
@@ -1486,8 +1486,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "rm" command. - rules: [] - status: pending + rules: + - audit_rules_execution_rm + status: automated - id: SLEM-05-654085 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml index b37f6c166ab..ba18a9bc2f3 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml @@ -29,6 +29,7 @@ severity: medium identifiers: cce@sle12: CCE-83216-2 cce@sle15: CCE-85596-5 + cce@slmicro5: CCE-93620-3 references: disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 @@ -36,6 +37,7 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle12: SLES-12-020640 stigid@sle15: SLES-15-030460 + stigid@slmicro5: SLEM-05-654080 ocil: |- To verify that execution of the command is being audited, run the following command: diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 702873b5de6..2d952c2b81c 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93620-3 CCE-93621-1 CCE-93622-9 CCE-93623-7 From 21bed23ca36a656606cb4133c016894d4eaf676a Mon Sep 17 00:00:00 2001 
From: svet-se Date: Thu, 25 Jul 2024 10:49:49 +0300 Subject: [PATCH 13/18] Update rule audit_rules_privileged_commands_usermod to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_privileged_commands_usermod/rule.yml | 2 ++ shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 427a9fefea2..bf29549cd02 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1558,8 +1558,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "usermod" command. - rules: [] - status: pending + rules: + - audit_rules_privileged_commands_usermod + status: automated - id: SLEM-05-654130 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml index d16b51023ec..a7872904e7b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml @@ -35,6 +35,7 @@ identifiers: cce@rhel10: CCE-87659-9 cce@sle12: CCE-83191-7 cce@sle15: CCE-85600-5 + cce@slmicro5: CCE-93621-1 references: cis@ubuntu2204: 4.1.3.18 @@ -45,6 +46,7 @@ references: stigid@rhel8: RHEL-08-030560 stigid@sle12: SLES-12-020700 stigid@sle15: SLES-15-030500 + stigid@slmicro5: SLEM-05-654125 stigid@ubuntu2004: UBTU-20-010176 stigid@ubuntu2204: UBTU-22-654125 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 2d952c2b81c..59dc4dd2bbb 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt 
@@ -1,4 +1,3 @@ -CCE-93621-1 CCE-93622-9 CCE-93623-7 CCE-93624-5 From a9f93fa7251d202d7bdf9ff7a908ac98666f5daf Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 10:59:16 +0300 Subject: [PATCH 14/18] Update rule audit_rules_privileged_commands_pam_timestamp_check to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../rule.yml | 8 +++++--- shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index bf29549cd02..e237b34f0d1 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1471,8 +1471,9 @@ controls: title: SLEM 5 must generate audit records for all uses of the "pam_timestamp_check" command. - rules: [] - status: pending + rules: + - audit_rules_privileged_commands_pam_timestamp_check + status: automated - id: SLEM-05-654075 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index 3e40043143d..186eb0c9cd2 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml 
@@ -1,8 +1,8 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} -{{% if product in ["sle12", "sle15"] %}} +{{% if product in ["sle12", "sle15", "slmicro5"] %}} {{% set pam_bin_path = "/sbin/pam_timestamp_check" %}} {{% else %}} {{% set pam_bin_path = "/usr/sbin/pam_timestamp_check" %}} @@ -48,6 +48,7 @@ identifiers: cce@rhel10: CCE-89521-9 cce@sle12: CCE-83127-1 cce@sle15: CCE-85601-3 + cce@slmicro5: CCE-93622-9 references: cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9 @@ -66,10 +67,11 @@ references: stigid@rhel8: RHEL-08-030340 stigid@sle12: SLES-12-020720 stigid@sle15: SLES-15-030510 + stigid@slmicro5: SLEM-05-654070 stigid@ubuntu2004: UBTU-20-010178 stigid@ubuntu2204: UBTU-22-654075 -{{% if product not in ["sle12", "sle15"] %}} +{{% if product not in ["sle12", "sle15", "slmicro5"] %}} {{{ ocil_fix_srg_privileged_command("pam_timestamp_check", "/usr/sbin/") }}} {{% endif %}} diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 59dc4dd2bbb..cb9d7996995 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93622-9 CCE-93623-7 CCE-93624-5 CCE-93625-2 From 2b3f97fbbae2a8a06df366f49b2cb9d35339377e Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 11:00:52 +0300 Subject: [PATCH 15/18] Update rule audit_rules_privileged_commands_su to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_privileged_commands_su/rule.yml | 4 +++- shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index e237b34f0d1..cdb5c335ea9 100644 
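Review bot: Grouping `slmicro5` with `sle12` and `sle15` fixes `pam_bin_path` to `/sbin/pam_timestamp_check` and, in the last hunk, drops the `/usr/sbin/` OCIL text for it, but the hunk offers no evidence that the binary lives at that path on SLE Micro 5. An audit rule keyed to a path that does not exist on the product silently produces no records, so this one-line grouping decides whether the control is actually enforced; it should be verified on the product before the control is called automated. Once confirmed, a short note above the block, e.g. `{{# SLE and SLE Micro ship pam_timestamp_check in /sbin; other products are usr-merged #}}`, would record why the product is in this list.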
--- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1527,8 +1527,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "su" command. - rules: [] - status: pending + rules: + - audit_rules_privileged_commands_su + status: automated - id: SLEM-05-654110 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml index 23b8d70368f..b07f8542066 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -40,6 +40,7 @@ identifiers: cce@rhel10: CCE-89587-0 cce@sle12: CCE-83143-8 cce@sle15: CCE-85602-1 + cce@slmicro5: CCE-93623-7 references: cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9 @@ -61,6 +62,7 @@ references: stigid@rhel8: RHEL-08-030190 stigid@sle12: SLES-12-020250 stigid@sle15: SLES-15-030550 + stigid@slmicro5: SLEM-05-654105 stigid@ubuntu2004: UBTU-20-010136 stigid@ubuntu2204: UBTU-22-654100 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index cb9d7996995..18028501865 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93623-7 CCE-93624-5 CCE-93625-2 CCE-93626-0 From 75e620d31354bf84dd13ae18ed05a67c9b6bafed Mon Sep 17 00:00:00 2001 
From: svet-se Date: Thu, 25 Jul 2024 11:04:47 +0300 Subject: [PATCH 16/18] Update rule audit_rules_privileged_commands_sudo to support slmicro5 --- controls/stig_slmicro5.yml | 5 +++-- .../audit_rules_privileged_commands_sudo/rule.yml | 4 +++- shared/references/cce-slmicro5-avail.txt | 1 - 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index cdb5c335ea9..5204e7a2502 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1535,8 +1535,9 @@ controls: levels: - medium title: SLEM 5 must generate audit records for all uses of the "sudo" command. - rules: [] - status: pending + rules: + - audit_rules_privileged_commands_sudo + status: automated - id: SLEM-05-654115 levels: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml index 9058d231cd7..7994455ef0f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "ubuntu2004", "ubuntu2204", "debian12"] or 'rhel' in product %}} +{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204", "debian12"] or 'rhel' in product %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -40,6 +40,7 @@ identifiers: cce@rhel10: CCE-89698-5 cce@sle12: CCE-83144-6 cce@sle15: CCE-85603-9 + cce@slmicro5: CCE-93624-5 references: cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9 
@@ -61,6 +62,7 @@ references: stigid@rhel8: RHEL-08-030550 stigid@sle12: SLES-12-020260 stigid@sle15: SLES-15-030560 + stigid@slmicro5: SLEM-05-654110 stigid@ubuntu2004: UBTU-20-010161 stigid@ubuntu2204: UBTU-22-654105 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 18028501865..4391fa32348 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -1,4 +1,3 @@ -CCE-93624-5 CCE-93625-2 CCE-93626-0 CCE-93627-8 From f268a964ed27a4b7e4bc8f998f823123304853cc Mon Sep 17 00:00:00 2001 From: svet-se Date: Thu, 25 Jul 2024 11:10:51 +0300 Subject: [PATCH 17/18] Fix stigid@slmicro5 references --- .../audit_rules_execution_chacl/rule.yml | 1 - .../audit_rules_execution_chmod/rule.yml | 1 - .../audit_rules_execution_setfacl/rule.yml | 1 - .../audit_rules_execution_chcon/rule.yml | 1 - .../audit_rules_execution_rm/rule.yml | 1 - .../audit_rules_privileged_commands_insmod/rule.yml | 1 - .../audit_rules_privileged_commands_kmod/rule.yml | 1 - .../audit_rules_privileged_commands_modprobe/rule.yml | 1 - .../rule.yml | 3 +-- .../audit_rules_privileged_commands_rmmod/rule.yml | 1 - .../audit_rules_privileged_commands_ssh_agent/rule.yml | 1 - .../audit_rules_privileged_commands_su/rule.yml | 1 - .../audit_rules_privileged_commands_sudo/rule.yml | 1 - .../audit_rules_privileged_commands_usermod/rule.yml | 1 - 14 files changed, 1 insertion(+), 15 deletions(-) diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml index cd4eb5ecce1..9771c91f0a1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml 
@@ -42,7 +42,6 @@ references: stigid@rhel8: RHEL-08-030570 stigid@sle12: SLES-12-020620 stigid@sle15: SLES-15-030440 - stigid@slmicro5: SLEM-05-654010 stigid@ubuntu2004: UBTU-20-010168 stigid@ubuntu2204: UBTU-22-654015 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml index 650553f6cb9..ce016cd8c92 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chmod/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle12: SLES-12-020600 stigid@sle15: SLES-15-030420 - stigid@slmicro5: SLEM-05-654030 ocil: |- To verify that execution of the command is being audited, run the following command: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml index 71664ded787..de22361ed89 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml @@ -41,7 +41,6 @@ references: stigid@rhel8: RHEL-08-030330 stigid@sle12: SLES-12-020610 stigid@sle15: SLES-15-030430 - stigid@slmicro5: SLEM-05-654090 stigid@ubuntu2004: UBTU-20-010167 stigid@ubuntu2204: UBTU-22-654085 
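Review bot: This hunk and its siblings in the same patch (chmod, setfacl, chcon, rm, insmod, kmod, modprobe, pam_timestamp_check, rmmod, ssh_agent, su, sudo, usermod) remove every `stigid@slmicro5` reference that the preceding patches in this series added, but neither the hunks nor the subject line say why. If the reference is now derived from the control ids in controls/stig_slmicro5.yml, a sentence in the commit message saying so would stop the next contributor from re-adding them; if the ids were wrong, the corrected mapping belongs in the controls file and should be stated. In the pam_timestamp_check hunk the `stigid@sle15: SLES-15-030510` line is removed and re-added with identical visible text, which looks like a trailing-whitespace fix and is worth a mention so it is not mistaken for a change of id.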
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml index 93c7c66aba7..2fe1d208136 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -63,7 +63,6 @@ references: stigid@rhel8: RHEL-08-030260 stigid@sle12: SLES-12-020630 stigid@sle15: SLES-15-030450 - stigid@slmicro5: SLEM-05-654020 stigid@ubuntu2004: UBTU-20-010165 stigid@ubuntu2204: UBTU-22-654025 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml index ba18a9bc2f3..3e78b0c3a4a 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_rm/rule.yml @@ -37,7 +37,6 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle12: SLES-12-020640 stigid@sle15: SLES-15-030460 - stigid@slmicro5: SLEM-05-654080 ocil: |- To verify that execution of the command is being audited, run the following command: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml index 52292a14ccf..d53b9c10f1e 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml @@ -40,7 +40,6 @@ references: nist: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle15: SLES-15-030380 - stigid@slmicro5: SLEM-05-654050 ocil_clause: '{{{ ocil_clause_audit() }}}' diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml index 6d1017a9b2d..db18a8315f6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml @@ -49,7 +49,6 @@ references: stigid@rhel8: RHEL-08-030580 stigid@sle12: SLES-12-020360 stigid@sle15: SLES-15-030410 - stigid@slmicro5: SLEM-05-654055 stigid@ubuntu2004: UBTU-20-010297 stigid@ubuntu2204: UBTU-22-654055 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml index 2dbfeaee43f..aed7472690b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml 
@@ -45,7 +45,6 @@ references: nist: AU-12(a),AU-12.1(ii),AU-3,AU-3.1,AU-12(c),AU-12.1(iv),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@sle15: SLES-15-030400 - stigid@slmicro5: SLEM-05-654060 stigid@ubuntu2004: UBTU-20-010296 stigid@ubuntu2204: UBTU-22-654060 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index 186eb0c9cd2..d8f56e495ac 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml @@ -66,8 +66,7 @@ references: stigid@ol8: OL08-00-030340 stigid@rhel8: RHEL-08-030340 stigid@sle12: SLES-12-020720 - stigid@sle15: SLES-15-030510 - stigid@slmicro5: SLEM-05-654070 + stigid@sle15: SLES-15-030510 stigid@ubuntu2004: UBTU-20-010178 stigid@ubuntu2204: UBTU-22-654075 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml index 1171e93eb62..3e2a3672415 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml 
@@ -41,7 +41,6 @@ references:
 nist@sle15: AU-12(c),AU-12.1(iv),AU-3,AU-3.1,AU-12(a),AU-12.1(ii),MA-4(1)(a)
 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
 stigid@sle15: SLES-15-030390
- stigid@slmicro5: SLEM-05-654085
 ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index 7f9462dbf9f..c5e3c24f947 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -44,7 +44,6 @@ references:
 stigid@rhel8: RHEL-08-030280
 stigid@sle12: SLES-12-020310
 stigid@sle15: SLES-15-030370
- stigid@slmicro5: SLEM-05-654095
 stigid@ubuntu2004: UBTU-20-010140
 stigid@ubuntu2204: UBTU-22-654090
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index b07f8542066..f65a2c5820a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -62,7 +62,6 @@ references:
 stigid@rhel8: RHEL-08-030190
 stigid@sle12: SLES-12-020250
 stigid@sle15: SLES-15-030550
- stigid@slmicro5: SLEM-05-654105
 stigid@ubuntu2004: UBTU-20-010136
 stigid@ubuntu2204: UBTU-22-654100
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index 7994455ef0f..bbab6b794ff 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -62,7 +62,6 @@ references:
 stigid@rhel8: RHEL-08-030550
 stigid@sle12: SLES-12-020260
 stigid@sle15: SLES-15-030560
- stigid@slmicro5: SLEM-05-654110
 stigid@ubuntu2004: UBTU-20-010161
 stigid@ubuntu2204: UBTU-22-654105
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index a7872904e7b..c68ccebf3c7 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -46,7 +46,6 @@ references:
 stigid@rhel8: RHEL-08-030560
 stigid@sle12: SLES-12-020700
 stigid@sle15: SLES-15-030500
- stigid@slmicro5: SLEM-05-654125
 stigid@ubuntu2004: UBTU-20-010176
 stigid@ubuntu2204: UBTU-22-654125
From 1ea63b43efb0b24dc3da9daf3ae497fef01cc478 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Mon, 29 Jul 2024 14:15:06 +0300
Subject: [PATCH 18/18] Order platform applicability directive alphabetically
---
 .../audit_rules_privileged_commands_modprobe/bash/shared.sh | 2 +-
 .../audit_rules_privileged_commands_rmmod/bash/shared.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
index dbcfa07a646..c4c78f75636 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
index 09092394af6..102d4b40b87 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}}