From dbdc65f925c1bd63b7a9c0639686e1b1de1ca55f Mon Sep 17 00:00:00 2001 From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 26 Oct 2025 16:34:41 +0200 Subject: [PATCH 1/3] Fix aide database file for sle16 platform --- .../aide/aide_build_database/oval/shared.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml index d756d5d6dda..4fa825c17e4 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml @@ -15,9 +15,9 @@ /etc/aide.conf - {{% if 'sle' in product or product == 'slmicro5' %}} + {{% if product in ['sle12', 'sle15', 'slmicro5'] %}} ^database=file:/([/a-z.]+)$ - {{% elif product == 'slmicro6' %}} + {{% elif product in ['sle16', 'slmicro6'] %}} ^database_in=file:/([/a-z.]+)$ {{% elif product == "rhel9" %}} From fffbbe5d941abd4aed6b2419f2350a558ae68629 Mon Sep 17 00:00:00 2001 From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 26 Oct 2025 16:54:16 +0200 Subject: [PATCH 2/3] Add support of display_login_attempts for SLE16 platform --- .../accounts-pam/display_login_attempts/ansible/shared.yml | 4 ++-- .../accounts-pam/display_login_attempts/bash/shared.sh | 4 ++-- .../accounts-pam/display_login_attempts/oval/shared.xml | 4 ++-- .../accounts/accounts-pam/display_login_attempts/rule.yml | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml index be23b5ae8fb..d5a3be0e29d 100644 
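Review bot: The two product lists in this hunk carry no explanation of why sle16 is grouped with slmicro6, and a SUSE product named in neither list no longer matches `'sle' in product` but falls through to the `rhel9` branch and whatever follows it outside the hunk. This check decides which aide.conf key is accepted as the integrity-database location, so a wrong branch yields a misleading scan result rather than an error. I would add a template comment above the first condition, for example `{{# products whose aide.conf uses database=; sle16 and slmicro6 use database_in= #}}`, and confirm that the fallback branch is the intended one for products added later. The object definition around these lines starts and ends outside the hunk.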
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml @@ -4,11 +4,11 @@ # complexity = low # disruption = low -{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}} +{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- set pam_lastlog = "pam_lastlog.so" %}} {{%- set after_match = "^\s*session.*include\s+common-session$" %}} -{{%- elif product == 'slmicro6' %}} +{{%- elif product in ['sle16', 'slmicro6'] %}} {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}} {{%- set pam_lastlog = "pam_lastlog2.so" %}} {{%- set after_match = "^\s*session.*include\s+common-session$" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh index 50e5845d2b0..4a8bd355094 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh @@ -1,6 +1,6 @@ # platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_almalinux -{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}} +{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- set pam_lastlog = "pam_lastlog.so" %}} {{%- if "ubuntu" in product %}} 
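Review bot: The condition `product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product` is now hand-copied into four templates of this rule (this file, bash/shared.sh, oval/shared.xml and rule.yml), and the copies already differ in spacing (`'slmicro5' ]` in the last two). If the lists drift apart, the OVAL check and the remediations will look for different modules in different PAM files (`pam_lastlog.so` in `/etc/pam.d/login` versus `pam_lastlog2.so` in `/etc/pam.d/postlogin-session`), and a remediated host would still fail the scan or an unremediated one could pass. I would normalise the spacing and put a comment beside each copy, such as `{{# keep this product list identical in the ansible, bash, oval and rule.yml templates #}}`, or define the selection once if the build system offers a shared place for it.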
@@ -8,7 +8,7 @@ {{%- else %}} {{%- set after_match = "^\s*session.*include\s+common-session$" %}} {{%- endif %}} -{{%- elif product == 'slmicro6' %}} +{{%- elif product in ['sle16', 'slmicro6'] %}} {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}} {{%- set pam_lastlog = "pam_lastlog2.so" %}} {{%- else %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml index 4bd247c410d..b1b45341c60 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml @@ -1,7 +1,7 @@ -{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}} +{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}} {{% set pam_lastlog_path = "/etc/pam.d/login" %}} {{% set pam_lastlog = "pam_lastlog.so" %}} -{{% elif product == 'slmicro6' %}} +{{% elif product in ['sle16', 'slmicro6'] %}} {{% set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}} {{% set pam_lastlog = "pam_lastlog2.so" %}} {{% else %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index 5703fde6aa4..0301a7a2eda 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml 
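Review bot: The `['sle16', 'slmicro6']` branch in bash/shared.sh sets `pam_lastlog_path` and `pam_lastlog` but not `after_match`, whereas the same branch in ansible/shared.yml sets `after_match = "^\s*session.*include\s+common-session$"`. Whether the remediation body reads `after_match` for this branch is outside the hunk, so this may be harmless. With sle16 now routed here, though, the two remediations could insert the `pam_lastlog2.so` line at different positions in `/etc/pam.d/postlogin-session`, or the Bash one could render with an empty anchor. Either set the variable in this branch as the Ansible template does, or add a comment stating that it is deliberately unused on these products.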
@@ -1,7 +1,7 @@ -{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}} +{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}} {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} {{%- set pam_lastlog = "pam_lastlog.so" %}} -{{%- elif product == 'slmicro6' %}} +{{%- elif product in ['sle16', 'slmicro6'] %}} {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}} {{%- set pam_lastlog = "pam_lastlog2.so" %}} {{%- else %}} @@ -43,7 +43,7 @@ identifiers: cce@sle12: CCE-83149-5 cce@sle15: CCE-85560-1 cce@slmicro5: CCE-93730-0 - cce@slmicro6: CCE-95037-8 + cce@slmicro6: CCE-95037-8 references: cis-csc: 1,12,15,16 From ce6d78b35163a4ac279f9cd706316db0d9cd91d9 Mon Sep 17 00:00:00 2001 From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 26 Oct 2025 17:33:00 +0200 Subject: [PATCH 3/3] Add aide rules and display_login_attempts to sle16 base profile --- products/sle16/profiles/base.profile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/products/sle16/profiles/base.profile b/products/sle16/profiles/base.profile index 1d6c2bcfd35..981ba581ca9 100644 --- a/products/sle16/profiles/base.profile +++ b/products/sle16/profiles/base.profile @@ -17,3 +17,6 @@ description: |- selections: - base_sle16:all + - aide_build_database + - aide_periodic_checking_systemd_timer + - display_login_attempts
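Review bot: The `identifiers:` hunk of rule.yml only changes whitespace on `cce@slmicro6` and adds no entry for sle16, although the template branch above now covers that product and patch 3/3 selects the rule in the sle16 base profile. If a CCE has been assigned for sle16 it belongs next to the others as `cce@sle16: CCE-<assigned-id>` (placeholder; the real id is not on this page). If none exists yet, a short comment saying so would show that the omission is deliberate, since scan results for this rule on sle16 will otherwise carry no identifier to map findings against.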
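Review bot: `aide_periodic_checking_systemd_timer` is selected for sle16 in base.profile, but unlike `aide_build_database` and `display_login_attempts` nothing in this series adjusts its templates for the new product, so the patch does not show whether its check and remediation resolve correctly there. Please confirm that it builds and evaluates on sle16, because a file-integrity control that silently reports not-applicable or errors out weakens the profile without anyone noticing. The three rules are also listed directly beside `base_sle16:all`; if that is intentional, a YAML comment above them such as `# selected directly; not yet part of the base_sle16 control file` would make it clear to the next editor (wording to be adjusted to the actual reason).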