SLE16 enable aide and display_login rules

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml

@@ -4,11 +4,11 @@
 # complexity = low
 # disruption = low
 
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh

@@ -1,14 +1,14 @@
 # platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_almalinux
 
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5'] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
 {{%- if "ubuntu" in product %}}
 {{%- set after_match = "BOF" %}}
 {{%- else %}}
 {{%- set after_match = "^\s*session.*include\s+common-session$" %}}
 {{%- endif %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- else %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/oval/shared.xml

@@ -1,7 +1,7 @@
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}}
 {{% set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{% set pam_lastlog = "pam_lastlog.so" %}}
-{{% elif product == 'slmicro6' %}}
+{{% elif product in ['sle16', 'slmicro6'] %}}
 {{% set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{% set pam_lastlog = "pam_lastlog2.so" %}}
 {{% else %}}

linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml

@@ -1,7 +1,7 @@
-{{%- if "sle" in product or "slmicro5" in product or "ubuntu" in product %}}
+{{%- if product in ['sle12', 'sle15', 'slmicro5' ] or "ubuntu" in product %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 {{%- set pam_lastlog = "pam_lastlog.so" %}}
-{{%- elif product == 'slmicro6' %}}
+{{%- elif product in ['sle16', 'slmicro6'] %}}
 {{%- set pam_lastlog_path = "/etc/pam.d/postlogin-session" %}}
 {{%- set pam_lastlog = "pam_lastlog2.so" %}}
 {{%- else %}}
@@ -43,7 +43,7 @@ identifiers:
     cce@sle12: CCE-83149-5
     cce@sle15: CCE-85560-1
     cce@slmicro5: CCE-93730-0
-    cce@slmicro6: CCE-95037-8 
+    cce@slmicro6: CCE-95037-8
 
 references:
     cis-csc: 1,12,15,16

linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/oval/shared.xml

@@ -15,9 +15,9 @@
   <!-- OVAL object to collect filename for Aide build database -->
   <ind:textfilecontent54_object id="object_aide_operational_database_filename" version="1">
     <ind:filepath>/etc/aide.conf</ind:filepath>
-    {{% if 'sle' in product or product == 'slmicro5' %}}
+    {{% if product in ['sle12', 'sle15', 'slmicro5'] %}}
       <ind:pattern operation="pattern match">^database=file:/([/a-z.]+)$</ind:pattern>
-    {{% elif product == 'slmicro6' %}}
+    {{% elif product in ['sle16', 'slmicro6'] %}}
       <ind:pattern operation="pattern match">^database_in=file:/([/a-z.]+)$</ind:pattern>
     {{% elif product == "rhel9" %}}
       <!-- RHEL 9.8 (aide-0.19.2-2.el9 and newer) uses _in suffix for database_in line -->

products/sle16/profiles/base.profile

@@ -17,3 +17,6 @@ description: |-
 
 selections:
     - base_sle16:all
+    - aide_build_database
+    - aide_periodic_checking_systemd_timer
+    - display_login_attempts