File openSUSE-Leap-Micro-6-support-v0.1.78.patch of Package scap-security-guide
From fcaf4035dfd60a4f724b4b07b56a9c98b02b45e7 Mon Sep 17 00:00:00 2001
From: Matthias Eliasson <curantes@bluefin.home>
Date: Sat, 22 Nov 2025 22:43:48 +0100
Subject: [PATCH] Backport openSUSE Leap Micro 6 support to v0.1.78
---
CMakeLists.txt | 5 ++
cmake/SSGCommon.cmake | 2 +-
..._accounts_authorized_local_users_regex.var | 1 +
products/opensuse_leap_micro6/CMakeLists.txt | 8 ++++
.../oval/sysctl_kernel_ipv6_disable.xml | 26 ++++++++++
products/opensuse_leap_micro6/product.yml | 47 +++++++++++++++++++
.../opensuse_leap_micro6/profiles/cis.profile | 34 ++++++++++++++
.../profiles/cis_server_l1.profile | 33 +++++++++++++
.../profiles/general.profile | 12 +++++
.../transforms/constants.xslt | 11 +++++
.../transforms/table-style.xslt | 5 ++
.../transforms/xccdf-apply-overlay-stig.xslt | 10 ++++
.../transforms/xccdf2table-cce.xslt | 11 +++++
.../xccdf2table-profileccirefs.xslt | 12 +++++
.../applicability/oval/system_with_kernel.xml | 41 +++++++---------
.../installed_OS_is_opensuse_leapmicro6.xml | 45 ++++++++++++++++++
.../oval/sysctl_kernel_ipv6_disable.xml | 42 +++++++++--------
ssg/constants.py | 6 ++-
18 files changed, 305 insertions(+), 46 deletions(-)
create mode 100644 products/opensuse_leap_micro6/CMakeLists.txt
create mode 100644 products/opensuse_leap_micro6/checks/oval/sysctl_kernel_ipv6_disable.xml
create mode 100644 products/opensuse_leap_micro6/product.yml
create mode 100644 products/opensuse_leap_micro6/profiles/cis.profile
create mode 100644 products/opensuse_leap_micro6/profiles/cis_server_l1.profile
create mode 100644 products/opensuse_leap_micro6/profiles/general.profile
create mode 100644 products/opensuse_leap_micro6/transforms/constants.xslt
create mode 100644 products/opensuse_leap_micro6/transforms/table-style.xslt
create mode 100644 products/opensuse_leap_micro6/transforms/xccdf-apply-overlay-stig.xslt
create mode 100644 products/opensuse_leap_micro6/transforms/xccdf2table-cce.xslt
create mode 100644 products/opensuse_leap_micro6/transforms/xccdf2table-profileccirefs.xslt
create mode 100644 shared/checks/oval/installed_OS_is_opensuse_leapmicro6.xml
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c16a3d91c1..55cd7196ce 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -110,6 +110,7 @@ option(SSG_PRODUCT_OL10 "If enabled, the Oracle Linux 10 SCAP content will be bu
option(SSG_PRODUCT_OPENEMBEDDED "If enabled, the OpenEmbedded SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OPENEULER2203 "If enabled, the openEuler 22.03 LTS content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+option(SSG_PRODUCT_OPENSUSE_LEAP_MICRO6 "If enabled, the openSUSE Leap Micro 6 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_RHCOS4 "If enabled, the RHCOS4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_RHEL9 "If enabled, the RHEL9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -352,6 +353,7 @@ message(STATUS "Oracle Linux 10: ${SSG_PRODUCT_OL10}")
message(STATUS "OpenEmbedded: ${SSG_PRODUCT_OPENEMBEDDED}")
message(STATUS "openEuler 22.03 LTS: ${SSG_PRODUCT_OPENEULER2203}")
message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}")
+message(STATUS "openSUSE Leap Micro 6: ${SSG_PRODUCT_OPENSUSE_LEAP_MICRO6}")
message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}")
message(STATUS "RHEL 9: ${SSG_PRODUCT_RHEL9}")
message(STATUS "RHEL 10: ${SSG_PRODUCT_RHEL10}")
@@ -460,6 +462,9 @@ endif()
if(SSG_PRODUCT_OPENSUSE)
add_subdirectory("products/opensuse" "opensuse")
endif()
+if(SSG_PRODUCT_OPENSUSE_LEAP_MICRO6)
+ add_subdirectory("products/opensuse_leap_micro6" "opensuse_leap_micro6")
+endif()
if(SSG_PRODUCT_RHEL8)
add_subdirectory("products/rhel8" "rhel8")
endif()
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 0a8b98d6cb..242a4b386f 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
@@ -306,7 +306,7 @@ endmacro()
macro(ssg_build_oval_unlinked PRODUCT)
set(BUILD_CHECKS_DIR "${CMAKE_CURRENT_BINARY_DIR}/checks_from_templates")
- set(OVAL_COMBINE_PATHS "${SSG_SHARED}/checks/oval" "${BUILD_CHECKS_DIR}/oval")
+ set(OVAL_COMBINE_PATHS "${SSG_SHARED}/checks/oval" "${CMAKE_CURRENT_SOURCE_DIR}/checks/oval" "${BUILD_CHECKS_DIR}/oval")
add_custom_command(
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/oval-unlinked.xml"
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${Python_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/combine_ovals.py" --log "${LOG_LEVEL}" --include-benchmark --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml" --product-yaml "${CMAKE_CURRENT_BINARY_DIR}/product.yml" --output "${CMAKE_CURRENT_BINARY_DIR}/oval-unlinked.xml" ${OVAL_COMBINE_PATHS}
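Review bot: The new `${CMAKE_CURRENT_SOURCE_DIR}/checks/oval` entry in `OVAL_COMBINE_PATHS` sits in the shared `ssg_build_oval_unlinked` macro, so every product's build now picks up a product-local OVAL directory, not only Leap Micro 6. Nothing here says which path wins when a product-local file reuses the id of a shared check, and that precedence decides whether a shared compliance check can be silently replaced; it presumably lives in `combine_ovals.py`, outside this hunk. I would add a comment above the `set()` such as `# Product-local checks/oval may shadow shared checks with the same id; keep overrides reviewed and minimal.` and confirm that a product without that directory still builds. The macro body continues past the end of the hunk.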
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var b/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var
index faa73c6dd2..001a91e77e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var
+++ b/linux_os/guide/system/accounts/accounts-restrictions/var_accounts_authorized_local_users_regex.var
@@ -32,4 +32,5 @@ options:
sle15: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty)$"
slmicro5: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty|salt|cockpit-ws|cockpit-wsinstance)$"
slmicro6: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty|salt|cockpit-ws|cockpit-wsinstance)$"
+ leapmicro6: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd|systemd-resolve|systemd-coredump|sssd|rngd|man|systemd-timesync|scard|hacluster|statd|at|dockremap|vnc|messagebus|nscd|flatpak|srvGeoClue|tftp|wsdd|dnsmasq|usbmux|brltty|salt|cockpit-ws|cockpit-wsinstance)$"
default: "^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|tss|systemd-coredump|dbus|polkitd|avahi|colord|rtkit|pipewire|clevis|sssd|geoclue|flatpak|setroubleshoot|libstoragemgmt|systemd-oom|gdm|cockpit-ws|cockpit-wsinstance|gnome-initial-setup|sshd|chrony|dnsmasq|tcpdump|admin)$"
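Review bot: The `leapmicro6` allow-list is a verbatim copy of the `slmicro6` line, so it authorises accounts such as `gdm`, `vnc`, `pulse`, `qemu` and `tftp` that a minimal Leap Micro install is unlikely to carry (to be confirmed against a real image); an allow-list wider than the platform needs lets unexpected local accounts pass the check. It also inherits the stray anchor in `usbmuxd$|`, which still matches but reads like a typo next to the other alternatives; `usbmuxd|` would be consistent. The key is spelled `leapmicro6` while the product id elsewhere in this patch is `opensuse_leap_micro6`, and none of the new profiles visibly selects it, so it is worth checking that the value is actually referenced.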
diff --git a/products/opensuse_leap_micro6/CMakeLists.txt b/products/opensuse_leap_micro6/CMakeLists.txt
new file mode 100644
index 0000000000..719770981d
--- /dev/null
+++ b/products/opensuse_leap_micro6/CMakeLists.txt
@@ -0,0 +1,8 @@
+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
+endif()
+
+set(PRODUCT "opensuse_leap_micro6")
+ssg_build_product("opensuse_leap_micro6")
+
+ssg_build_html_cce_table(${PRODUCT})
diff --git a/products/opensuse_leap_micro6/checks/oval/sysctl_kernel_ipv6_disable.xml b/products/opensuse_leap_micro6/checks/oval/sysctl_kernel_ipv6_disable.xml
new file mode 100644
index 0000000000..8e580dd6c2
--- /dev/null
+++ b/products/opensuse_leap_micro6/checks/oval/sysctl_kernel_ipv6_disable.xml
@@ -0,0 +1,26 @@
+<def-group xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
+ <definition class="compliance" id="sysctl_kernel_ipv6_disable" version="1">
+ <metadata>
+ <title>Kernel Runtime Parameter IPv6 Check</title>
+ <affected family="unix">
+ <platform>multi_platform_opensuse_leap_micro6</platform>
+ </affected>
+ <description>Disables IPv6 for all network interfaces (Dummy check for build).</description>
+ </metadata>
+ <criteria>
+ <criterion comment="Always pass" test_ref="test_always_pass_sysctl_kernel_ipv6_disable" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="any_exist" comment="Always pass"
+ id="test_always_pass_sysctl_kernel_ipv6_disable" version="1">
+ <ind:object object_ref="object_always_pass_sysctl_kernel_ipv6_disable" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object id="object_always_pass_sysctl_kernel_ipv6_disable" version="1">
+ <ind:path>/etc</ind:path>
+ <ind:filename>fstab</ind:filename>
+ <ind:pattern operation="pattern match">.*</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+</def-group>
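Review bot: This product-local `sysctl_kernel_ipv6_disable` definition passes unconditionally: the test uses `check_existence="any_exist"` with a `.*` match on `/etc/fstab` and no state, so a scan reports IPv6 as disabled whatever the kernel setting is. The shared definition of the same id puts its criteria under `operator="OR"` with the comment "IPv6 disabled or …", and any rule that extends this id would presumably inherit the unconditional pass, giving false compliance results. `multi_platform_opensuse` is already listed in the shared check and this patch maps it to `opensuse_leap_micro6` in `ssg/constants.py`, so the stub looks unnecessary; I would drop this file and let the shared check apply. If a stub is unavoidable for the build, it should fail or report not-applicable rather than pass, and note that the `<platform>` value `multi_platform_opensuse_leap_micro6` has no key in `MULTI_PLATFORM_MAPPING`.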
diff --git a/products/opensuse_leap_micro6/product.yml b/products/opensuse_leap_micro6/product.yml
new file mode 100644
index 0000000000..2d3276fff8
--- /dev/null
+++ b/products/opensuse_leap_micro6/product.yml
@@ -0,0 +1,47 @@
+product: opensuse_leap_micro6
+full_name: openSUSE Leap Micro 6
+type: platform
+
+families:
+ - suse
+
+major_version_ordinal: 6
+
+benchmark_id: OPENSUSELEAPMICRO6
+benchmark_root: "../../linux_os/guide"
+
+profiles_root: "./profiles"
+
+init_system: "systemd"
+
+pkg_manager: "zypper"
+pkg_manager_config_file: "/etc/zypp/zypp.conf"
+
+aide_bin_path: "/usr/bin/aide"
+
+cpes_root: "../../shared/applicability"
+cpes:
+ - opensuse-leapmicro-6.0:
+ name: "cpe:/o:opensuse:leap-micro:6.0"
+ title: "openSUSE Leap Micro 6.0"
+ check_id: installed_OS_is_opensuse_leapmicro6
+ - opensuse-leapmicro-6.1:
+ name: "cpe:/o:opensuse:leap-micro:6.1"
+ title: "openSUSE Leap Micro 6.1"
+ check_id: installed_OS_is_opensuse_leapmicro6
+ - opensuse-leapmicro-6.2:
+ name: "cpe:/o:opensuse:leap-micro:6.2"
+ title: "openSUSE Leap Micro 6.2"
+ check_id: installed_OS_is_opensuse_leapmicro6
+
+platform_package_overrides:
+ login_defs: "shadow"
+ grub2: "grub2"
+ sssd: "sssd"
+ passwd: "shadow"
+
+reference_uris:
+ suse-general: "not_publicly_available"
+
+sysctl_remediate_drop_in_file: "true"
+journald_conf_dir_path: /etc/systemd/journal.conf.d
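Review bot: `journald_conf_dir_path` is set to `/etc/systemd/journal.conf.d`, but systemd-journald reads its drop-ins from `/etc/systemd/journald.conf.d`. If rules and remediations consume this value (they are outside this patch), settings would be written to and checked in a directory journald ignores, so a logging rule could pass without taking effect. Suggested line: `journald_conf_dir_path: /etc/systemd/journald.conf.d`. Separately, all three CPE entries share one `check_id`, so 6.0, 6.1 and 6.2 are not distinguished by the applicability check.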
diff --git a/products/opensuse_leap_micro6/profiles/cis.profile b/products/opensuse_leap_micro6/profiles/cis.profile
new file mode 100644
index 0000000000..3f6ba4a688
--- /dev/null
+++ b/products/opensuse_leap_micro6/profiles/cis.profile
@@ -0,0 +1,34 @@
+documentation_complete: true
+
+metadata:
+ version: 1.0.0
+ SMEs:
+ - curantes
+
+reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux
+
+title: 'CIS openSUSE Leap Micro 6 Benchmark for Level 2 - Server'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 2 - Server"
+ configuration from the Center for Internet Security®
+ SUSE Linux Enterprise 15 Benchmark™, v1.1.1, released 01-24-2022.
+
+ This profile includes Center for Internet Security®
+ SUSE Linux Enterprise 15 CIS Benchmarks™ content.
+
+selections:
+ - cis_sle15:all:l2_server
+ - var_network_filtering_service=firewalld
+ # Exclude from CIS profile all rules related to ntp and timesyncd and keep only
+ # rules related to chrony
+ - '!ntpd_configure_restrictions'
+ - '!ntpd_run_as_ntp_user'
+ - '!ntpd_specify_remote_server'
+ - '!service_ntpd_enabled'
+ - '!service_timesyncd_enabled'
+ - '!service_timesyncd_configured'
+ - '!network_ipv6_default_gateway'
+ - '!network_ipv6_privacy_extensions'
+ - '!network_ipv6_static_address'
+ - '!service_timesyncd_configured'
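Review bot: The title says 'CIS openSUSE Leap Micro 6 Benchmark' while the description and the `cis_sle15:all:l2_server` selection show the content is the SLE 15 benchmark v1.1.1, so a scan report would read as conformance to a Leap Micro benchmark that this profile does not implement. A title such as `'CIS SUSE Linux Enterprise 15 Benchmark (Level 2 - Server) applied to openSUSE Leap Micro 6'` states what is actually measured. The three `!network_ipv6_*` exclusions are not covered by the comment, which only explains ntp and timesyncd, so the reason these controls are dropped should be written next to them; `'!service_timesyncd_configured'` is also listed twice. The same points apply to `cis_server_l1.profile` in the next file section.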
diff --git a/products/opensuse_leap_micro6/profiles/cis_server_l1.profile b/products/opensuse_leap_micro6/profiles/cis_server_l1.profile
new file mode 100644
index 0000000000..b19bce698e
--- /dev/null
+++ b/products/opensuse_leap_micro6/profiles/cis_server_l1.profile
@@ -0,0 +1,33 @@
+documentation_complete: true
+
+metadata:
+ version: 1.0.0
+ SMEs:
+ - curantes
+
+reference: https://www.cisecurity.org/cis-benchmarks/#suse_linux
+
+title: 'CIS openSUSE Leap Micro 6 Benchmark for Level 1 - Server'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 1 - Server"
+ configuration from the Center for Internet Security®
+ SUSE Linux Enterprise 15 Benchmark™, v1.1.1, released 01-24-2022.
+
+ This profile includes Center for Internet Security®
+ SUSE Linux Enterprise 15 CIS Benchmarks™ content.
+
+selections:
+ - cis_sle15:all:l1_server
+ # Exclude from CIS profile all rules related to ntp and timesyncd and keep only
+ # rules related to chrony
+ - '!ntpd_configure_restrictions'
+ - '!ntpd_run_as_ntp_user'
+ - '!ntpd_specify_remote_server'
+ - '!service_ntpd_enabled'
+ - '!service_timesyncd_enabled'
+ - '!service_timesyncd_configured'
+ - '!network_ipv6_default_gateway'
+ - '!network_ipv6_privacy_extensions'
+ - '!network_ipv6_static_address'
+ - '!service_timesyncd_configured'
diff --git a/products/opensuse_leap_micro6/profiles/general.profile b/products/opensuse_leap_micro6/profiles/general.profile
new file mode 100644
index 0000000000..12359c8a43
--- /dev/null
+++ b/products/opensuse_leap_micro6/profiles/general.profile
@@ -0,0 +1,12 @@
+documentation_complete: true
+
+reference: not_publicly_available
+
+title: 'General profile for openSUSE Leap Micro 6'
+
+description: |-
+ This profile contains baseline configuration checks for
+ openSUSE Leap Micro 6 platform.
+
+selections:
+ - package_aide_installed
diff --git a/products/opensuse_leap_micro6/transforms/constants.xslt b/products/opensuse_leap_micro6/transforms/constants.xslt
new file mode 100644
index 0000000000..508af01809
--- /dev/null
+++ b/products/opensuse_leap_micro6/transforms/constants.xslt
@@ -0,0 +1,11 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+ <xsl:include href="../../../shared/transforms/shared_constants.xslt" />
+
+ <xsl:variable name="product_long_name">openSUSE Leap Micro 6.x</xsl:variable>
+ <xsl:variable name="product_short_name">Leap Micro 6</xsl:variable>
+ <xsl:variable name="prod_type">opensuse_leap_micro6</xsl:variable>
+
+ <xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/suse_linux/</xsl:variable>
+
+</xsl:stylesheet>
diff --git a/products/opensuse_leap_micro6/transforms/table-style.xslt b/products/opensuse_leap_micro6/transforms/table-style.xslt
new file mode 100644
index 0000000000..e5ea431eed
--- /dev/null
+++ b/products/opensuse_leap_micro6/transforms/table-style.xslt
@@ -0,0 +1,5 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+ <xsl:import href="../../../shared/transforms/shared_table-style.xslt" />
+
+</xsl:stylesheet>
diff --git a/products/opensuse_leap_micro6/transforms/xccdf-apply-overlay-stig.xslt b/products/opensuse_leap_micro6/transforms/xccdf-apply-overlay-stig.xslt
new file mode 100644
index 0000000000..218218bf93
--- /dev/null
+++ b/products/opensuse_leap_micro6/transforms/xccdf-apply-overlay-stig.xslt
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1"
+ xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
+
+ <xsl:include href="../../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt" />
+ <xsl:include href="constants.xslt" />
+ <xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" />
+
+</xsl:stylesheet>
diff --git a/products/opensuse_leap_micro6/transforms/xccdf2table-cce.xslt b/products/opensuse_leap_micro6/transforms/xccdf2table-cce.xslt
new file mode 100644
index 0000000000..12d5a17035
--- /dev/null
+++ b/products/opensuse_leap_micro6/transforms/xccdf2table-cce.xslt
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
+
+ <xsl:import href="../../../shared/transforms/shared_xccdf2table-cce.xslt" />
+
+ <xsl:include href="constants.xslt" />
+ <xsl:include href="table-style.xslt" />
+
+</xsl:stylesheet>
diff --git a/products/opensuse_leap_micro6/transforms/xccdf2table-profileccirefs.xslt b/products/opensuse_leap_micro6/transforms/xccdf2table-profileccirefs.xslt
new file mode 100644
index 0000000000..10a1a6b653
--- /dev/null
+++ b/products/opensuse_leap_micro6/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1"
+ xmlns:cci="https://www.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml"
+ xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+
+ <xsl:import href="../../../shared/transforms/shared_xccdf2table-profileccirefs.xslt" />
+
+ <xsl:include href="constants.xslt" />
+ <xsl:include href="table-style.xslt" />
+
+</xsl:stylesheet>
diff --git a/shared/applicability/oval/system_with_kernel.xml b/shared/applicability/oval/system_with_kernel.xml
index d1cbf79c4d..62b697c33a 100644
--- a/shared/applicability/oval/system_with_kernel.xml
+++ b/shared/applicability/oval/system_with_kernel.xml
@@ -1,25 +1,20 @@
<def-group>
- <definition class="inventory" id="system_with_kernel" version="1">
- {{{ oval_metadata("The kernel is installed", affected_platforms=["multi_platform_all"], rule_title=rule_title) }}}
- <criteria operator="OR">
- <criterion comment="kernel is installed" test_ref="inventory_test_kernel_installed" />
- {{% if "ol" in families %}}
- <criterion comment="kernel-uek is installed" test_ref="inventory_test_kernel_uek_installed" />
- {{% endif %}}
- {{% if 'sle' in product or 'slmicro' in product %}}
- <criterion comment="kernel-default-base is installed" test_ref="inventory_test_kernel_default_base_installed" />
- {{% endif %}}
- </criteria>
+ <definition class="inventory" id="system_with_kernel" version="1"> {{{ oval_metadata("The kernel
+ is installed", affected_platforms=["multi_platform_all"], rule_title=rule_title) }}} <criteria
+ operator="OR">
+ <criterion comment="kernel is installed" test_ref="inventory_test_kernel_installed" /> {{% if
+ "ol" in families %}} <criterion comment="kernel-uek is installed"
+ test_ref="inventory_test_kernel_uek_installed" /> {{% endif %}} {{% if 'sle' in product or
+ 'slmicro' in product or 'opensuse' in product %}} <criterion
+ comment="kernel-default-base is installed"
+ test_ref="inventory_test_kernel_default_base_installed" /> {{% endif %}} </criteria>
</definition>
-{{% if 'debian' in product or 'ubuntu' in product %}}
-{{{ oval_test_package_installed(package="linux-base", test_id="inventory_test_kernel_installed") }}}
-{{% elif 'sle' in product or 'slmicro' in product %}}
-{{{ oval_test_package_installed(package="kernel-default", test_id="inventory_test_kernel_installed") }}}
-{{{ oval_test_package_installed(package="kernel-default-base", test_id="inventory_test_kernel_default_base_installed") }}}
-{{% else %}}
-{{{ oval_test_package_installed(package="kernel-core", test_id="inventory_test_kernel_installed") }}}
-{{% endif %}}
-{{% if "ol" in families %}}
-{{{ oval_test_package_installed(package="kernel-uek", test_id="inventory_test_kernel_uek_installed") }}}
-{{% endif %}}
-</def-group>
+ {{% if 'debian' in product or 'ubuntu' in product %}} {{{
+ oval_test_package_installed(package="linux-base", test_id="inventory_test_kernel_installed") }}}
+ {{% elif 'sle' in product or 'slmicro' in product or 'opensuse' in product %}} {{{
+ oval_test_package_installed(package="kernel-default", test_id="inventory_test_kernel_installed")
+ }}} {{{ oval_test_package_installed(package="kernel-default-base",
+ test_id="inventory_test_kernel_default_base_installed") }}} {{% else %}} {{{
+ oval_test_package_installed(package="kernel-core", test_id="inventory_test_kernel_installed") }}}
+ {{% endif %}} {{% if "ol" in families %}} {{{ oval_test_package_installed(package="kernel-uek",
+ test_id="inventory_test_kernel_uek_installed") }}} {{% endif %}} </def-group>
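Review bot: The only functional change here, `or 'opensuse' in product` in two conditions, is buried in a reflow of the whole Jinja template that looks like XML-formatter output; the `oval_metadata("The kernel is installed", …)` string is now split across a line break, which likely alters the generated title. The new substring test also matches the existing `opensuse` product, switching its kernel test from `kernel-core` to `kernel-default`; if only Leap Micro is meant, `'opensuse_leap_micro' in product` is narrower. Because this is an applicability check, a wrong result marks rules not applicable instead of failing them, so I would restore the original layout and change only the `{{% if %}}` and `{{% elif %}}` lines.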
diff --git a/shared/checks/oval/installed_OS_is_opensuse_leapmicro6.xml b/shared/checks/oval/installed_OS_is_opensuse_leapmicro6.xml
new file mode 100644
index 0000000000..516125917c
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_opensuse_leapmicro6.xml
@@ -0,0 +1,45 @@
+<def-group>
+ <definition class="inventory" id="installed_OS_is_opensuse_leapmicro6" version="1">
+ <metadata>
+ <title>openSUSE Leap Micro 6</title>
+ <affected family="unix">
+ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:opensuse:leap-micro:6.0" source="CPE" />
+ <reference ref_id="cpe:/o:opensuse:leap-micro:6.1" source="CPE" />
+ <reference ref_id="cpe:/o:opensuse:leap-micro:6.2" source="CPE" />
+ <description>The operating system installed on the system is openSUSE Leap Micro 6.</description>
+ </metadata>
+ <criteria>
+ <criterion comment="Installed operating system is part of the unix family"
+ test_ref="test_opensuse_leapmicro6_unix_family" />
+ <criteria operator="OR">
+ <criterion comment="openSUSE Leap Micro 6.* is installed"
+ test_ref="test_opensuse_leapmicro6" />
+ </criteria>
+ </criteria>
+ </definition>
+
+ <ind:family_test check="all" check_existence="at_least_one_exists"
+ comment="installed OS part of unix family" id="test_opensuse_leapmicro6_unix_family"
+ version="1">
+ <ind:object object_ref="obj_opensuse_leapmicro6_unix_family" />
+ <ind:state state_ref="state_opensuse_leapmicro6_unix_family" />
+ </ind:family_test>
+ <ind:family_state id="state_opensuse_leapmicro6_unix_family" version="1">
+ <ind:family>unix</ind:family>
+ </ind:family_state>
+ <ind:family_object id="obj_opensuse_leapmicro6_unix_family" version="1" />
+
+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists"
+ comment="openSUSE Leap Micro release is version 6" id="test_opensuse_leapmicro6" version="1">
+ <linux:object object_ref="obj_opensuse_leapmicro6" />
+ <linux:state state_ref="state_opensuse_leapmicro6" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_state id="state_opensuse_leapmicro6" version="1">
+ <linux:version operation="pattern match">^6.*$</linux:version>
+ </linux:rpminfo_state>
+ <linux:rpminfo_object id="obj_opensuse_leapmicro6" version="1">
+ <linux:name>Leap-Micro-release</linux:name>
+ </linux:rpminfo_object>
+</def-group>
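Review bot: The version pattern `^6.*$` in `state_opensuse_leapmicro6` is open after the digit, so it also matches versions such as `60` or `61.2`; `^6\..*$` (or `^6(\.|$)`) limits it to major version 6. This state decides which systems the whole benchmark applies to, so it should be as tight as the release naming allows. The inner `<criteria operator="OR">` wraps a single criterion and could be flattened. The package name `Leap-Micro-release` cannot be checked from this patch and is worth confirming on a 6.x image.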
diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
index b718ded260..ff08354f40 100644
--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
@@ -3,31 +3,33 @@
<metadata>
<title>Kernel Runtime Parameter IPv6 Check</title>
<affected family="unix">
- <platform>multi_platform_alinux</platform>
- <platform>multi_platform_almalinux</platform>
- <platform>multi_platform_anolis</platform>
- <platform>multi_platform_debian</platform>
- <platform>multi_platform_example</platform>
- <platform>multi_platform_fedora</platform>
- <platform>multi_platform_kylinserver</platform>
- <platform>multi_platform_openembedded</platform>
- <platform>multi_platform_openeuler</platform>
- <platform>multi_platform_opensuse</platform>
- <platform>multi_platform_ol</platform>
- <platform>multi_platform_rhcos</platform>
- <platform>multi_platform_rhel</platform>
- <platform>multi_platform_rhv</platform>
- <platform>multi_platform_sle</platform>
- <platform>multi_platform_slmicro</platform>
- <platform>multi_platform_tencentos</platform>
- <platform>multi_platform_ubuntu</platform>
+ <platform>multi_platform_alinux</platform>
+ <platform>multi_platform_almalinux</platform>
+ <platform>multi_platform_anolis</platform>
+ <platform>multi_platform_debian</platform>
+ <platform>multi_platform_example</platform>
+ <platform>multi_platform_fedora</platform>
+ <platform>multi_platform_kylinserver</platform>
+ <platform>multi_platform_openembedded</platform>
+ <platform>multi_platform_openeuler</platform>
+ <platform>multi_platform_opensuse</platform>
+ <platform>multi_platform_ol</platform>
+ <platform>multi_platform_rhcos</platform>
+ <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhv</platform>
+ <platform>multi_platform_sle</platform>
+ <platform>multi_platform_slmicro</platform>
+ <platform>multi_platform_tencentos</platform>
+ <platform>multi_platform_ubuntu</platform>
</affected>
<description>Disables IPv6 for all network interfaces.</description>
</metadata>
<criteria comment="IPv6 disabled or net.ipv6.conf.all.disable_ipv6 set correctly" operator="OR">
<criteria operator="AND">
- <extend_definition comment="net.ipv6.conf.all.disable_ipv6 configuration setting check" definition_ref="sysctl_net_ipv6_conf_all_disable_ipv6_static" />
- <extend_definition comment="net.ipv6.conf.all.disable_ipv6 runtime setting check" definition_ref="sysctl_net_ipv6_conf_all_disable_ipv6_runtime" />
+ <extend_definition comment="net.ipv6.conf.all.disable_ipv6 configuration setting check"
+ definition_ref="sysctl_net_ipv6_conf_all_disable_ipv6_static" />
+ <extend_definition comment="net.ipv6.conf.all.disable_ipv6 runtime setting check"
+ definition_ref="sysctl_net_ipv6_conf_all_disable_ipv6_runtime" />
</criteria>
</criteria>
</definition>
diff --git a/ssg/constants.py b/ssg/constants.py
index 0dd3752b30..86059d935b 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -240,6 +240,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = {
"SUSE Linux Enterprise 15": "sle15",
"SUSE Linux Enterprise Micro 5": "slmicro5",
"SUSE Linux Enterprise Micro 6": "slmicro6",
+ "openSUSE Leap Micro 6": "opensuse_leap_micro6",
"TencentOS Server 4": "tencentos4",
"Ubuntu 22.04": "ubuntu2204",
"Ubuntu 24.04": "ubuntu2404",
@@ -297,7 +298,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
"openeuler", "kylinserver",
"opensuse", "sle", "tencentos", "ol", "ocp", "rhcos",
"example", "eks", "alinux", "anolis", "openembedded", "al",
- "slmicro", "almalinux"]
+ "slmicro", "almalinux", "opensuse_leap_micro", "opensuse_leap_micro6"]
MULTI_PLATFORM_MAPPING = {
"multi_platform_alinux": ["alinux2", "alinux3"],
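Review bot: `MULTI_PLATFORM_LIST` gains both `opensuse_leap_micro` and the versioned `opensuse_leap_micro6`, whereas the other entries are unversioned family prefixes (`sle`, `slmicro`), and the last hunk adds a `MULTI_PLATFORM_MAPPING` key only for `multi_platform_opensuse_leap_micro`. The product-local OVAL file in this patch names `multi_platform_opensuse_leap_micro6`, which therefore has no mapping; how the build resolves that is outside these hunks. The `multi_platform_opensuse` hunk also makes every check tagged for openSUSE apply to Leap Micro 6, which is a broad change for a backport and deserves a comment. I would keep one spelling, `"slmicro", "almalinux", "opensuse_leap_micro"]`, and use `multi_platform_opensuse_leap_micro` in the OVAL file.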
@@ -309,7 +310,7 @@ MULTI_PLATFORM_MAPPING = {
"multi_platform_fedora": ["fedora"],
"multi_platform_kylinserver": ["kylinserver10"],
"multi_platform_openeuler": ["openeuler2203"],
- "multi_platform_opensuse": ["opensuse"],
+ "multi_platform_opensuse": ["opensuse", "opensuse_leap_micro6"],
"multi_platform_ol": ["ol7", "ol8", "ol9", "ol10"],
"multi_platform_ocp": ["ocp4"],
"multi_platform_rhcos": ["rhcos4"],
@@ -317,6 +318,7 @@ MULTI_PLATFORM_MAPPING = {
"multi_platform_rhv": ["rhv4"],
"multi_platform_sle": ["sle12", "sle15"],
"multi_platform_slmicro": ["slmicro5", "slmicro6"],
+ "multi_platform_opensuse_leap_micro": ["opensuse_leap_micro6"],
"multi_platform_tencentos": ["tencentos4"],
"multi_platform_ubuntu": ["ubuntu2204", "ubuntu2404"],
"multi_platform_openembedded": ["openembedded"],
--
2.51.1