SLE16 enable aide and display_login rules

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml

@@ -4,11 +4,11 @@
 # complexity = low
 # disruption = low
 
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh

@@ -1,14 +1,14 @@
 # platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_almalinux
 
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
 {{%- if "ubuntu" in product %}}
 {{%- set after_match = "BOF" %}}
 {{%- else %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}
 {{%- endif %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- else %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml

@@ -1,7 +1,7 @@
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}}
 {{% set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{% set pam_lastlog = "pam_lastlog.so" %}}
-{{% elif product == 'slmicro6' %}}
+{{% elif product in ['sle16', 'slmicro6'] %}}
 {{% set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{% set pam_lastlog = "pam_lastlog2.so" %}}
 {{% else %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml

@@ -1,7 +1,7 @@
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- else %}}
@@ -43,7 +43,7 @@ identifiers:
     cce@sle12: CCE-83149-5
     cce@sle15: CCE-85560-1
     cce@slmicro5: CCE-93730-0
-    cce@slmicro6: CCE-95037-8 
+    cce@slmicro6: CCE-95037-8
 
 references:
     cis-csc: 1,12,15,16

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml

@@ -15,9 +15,9 @@
   <!-- OVAL object to collect filename for Aide build database -->
   <ind:textfilecontent54_object id="object_aide_operational_database_filename" version="1">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    {{% if 'sle' in product or product == 'slmicro5' %}}
+    {{% if product in ['sle12', 'sle15', 'slmicro5'] %}}
       <ind:pattern operation="pattern match">^database=file:/([/a-z.]+)$</ind:pattern>
-    {{% elif product == 'slmicro6' %}}
+    {{% elif product in ['sle16', 'slmicro6'] %}}
       <ind:pattern operation="pattern match">^database_in=file:/([/a-z.]+)$</ind:pattern>
     {{% elif product == "rhel9" %}}
       <!-- RHEL 9.8 (aide-0.19.2-2.el9 and newer) uses _in suffix for database_in line -->

products/sle16/controls/base_sle16/0500_audit.yml

@@ -26,3 +26,10 @@ controls:
       rules:
           - rsyslog_remote_loghost
       status: automated
+    - id: SLES-16-16016515
+      levels:
+          - pcidss4
+      title: SLE16 system should capture invalid login access attempts
+      status: automated
+      rules:
+          - display_login_attempts

products/sle16/controls/base_sle16/0700_security_check.yml

@@ -0,0 +1,15 @@
+#
+# A group of rules regarding verifying operating system security
+#
+# SLES-16 ids allocated for this group from SLES-16-16016700 till SLES-16-16016799
+#
+
+controls:
+    - id: SLES-16-16016700
+      levels:
+          - pcidss4
+      title: SLE16 system should have system for checking its integrity
+      status: automated
+      rules:
+          - aide_build_database
+          - aide_periodic_checking_systemd_timer