From d0b9f944181bd5cd749c45d4f7d5fbf38a9ee32e Mon Sep 17 00:00:00 2001
From: svet-se
Date: Thu, 17 Oct 2024 10:19:12 +0300
Subject: [PATCH] Add rule security_patches_up_to_date to sle micro 5 stig profile
---
 controls/stig_slmicro5.yml | 5 +++--
 .../updating/security_patches_up_to_date/ansible/shared.yml | 2 +-
 .../updating/security_patches_up_to_date/bash/shared.sh | 2 +-
 .../software/updating/security_patches_up_to_date/rule.yml | 3 ++-
 products/slmicro5/product.yml | 1 +
 shared/references/cce-slmicro5-avail.txt | 1 -
 6 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index ae440932ec8..3492a947d12 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -106,8 +106,9 @@ controls:
 title: Vendor-packaged SLEM 5 security patches and updates must be installed and up to date.
- rules: []
- status: pending
+ rules:
+ - security_patches_up_to_date
+ status: automated
 - id: SLEM-05-214015
 levels:
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml
index dc892e92010..4db0a242e22 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_al2023,multi_platform_alinux,multi_platform_anolis,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # reboot = true
 # strategy = patch
 # complexity = low
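Review bot: The remediation body that this platform line now enables for slmicro lies outside the hunk, and if it applies updates through zypper (as a body shared with multi_platform_sle presumably does) it cannot succeed on SLE Micro, whose root filesystem is read-only and accepts package changes only through `transactional-update` (for example `transactional-update patch`) followed by the reboot that `# reboot = true` already declares. Please confirm what the shared tasks actually run; if they are zypper-based, give slmicro its own remediation file or guard the slmicro path with a `{{% if product in ["slmicro5"] %}}` branch instead of reusing the SLE one. The same concern applies to the bash/shared.sh hunk that follows, where the platform line is extended in the same way.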
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
index 8032672b10e..6e1c8972057 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_sle,multi_platform_slmicro
 # reboot = true
 # strategy = patch
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index f80ebf09b02..e773808087f 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -16,7 +16,7 @@ description: |-
$ sudo yum update
 If the system is not configured to use one of these sources, updates (in the form of RPM packages) can be manually downloaded from the ULN and installed using rpm.
-{{% elif product in ["sle12", "sle15"] %}}
+{{% elif product in ["sle12", "sle15", "slmicro5"] %}}
 If the system is configured for online updates, invoking the following command will list available security updates:
$ sudo zypper refresh && sudo zypper list-patches -g security
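Review bot: Folding slmicro5 into the sle12/sle15 branch leaves the SLE Micro guidance only partly right: the read-only listing command `sudo zypper refresh && sudo zypper list-patches -g security` should work there, but any instruction later in this branch (outside the hunk) to apply patches with zypper does not, because SLE Micro's root filesystem is read-only and updates are applied with `transactional-update patch` followed by a reboot into the new snapshot. Consider a dedicated `{{% elif product == "slmicro5" %}}` branch, or at least a sentence after the listing command such as `On SLE Micro, apply the listed patches with transactional-update patch and reboot into the new snapshot.` so an operator following the description does not attempt a zypper patch on a read-only root.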
@@ -42,6 +42,7 @@ identifiers:
 cce@rhel9: CCE-84185-8
 cce@sle12: CCE-83002-6
 cce@sle15: CCE-83261-8
+ cce@slmicro5: CCE-93804-3
 references:
 cis-csc: 18,20,4
diff --git a/products/slmicro5/product.yml b/products/slmicro5/product.yml
index cc2cb4a7907..5d7b6425c57 100644
--- a/products/slmicro5/product.yml
+++ b/products/slmicro5/product.yml
@@ -14,6 +14,7 @@ init_system: "systemd"
 pkg_manager: "zypper"
 pkg_manager_config_file: "/etc/zypp/zypp.conf"
+oval_feed_url: "https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.micro.5-patch.xml.bz2"
 aide_bin_path: "/usr/bin/aide"
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index bbd172b28b9..50e9e6a2a60 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -13,7 +13,6 @@ CCE-93743-3
 CCE-93757-3
 CCE-93777-1
 CCE-93783-9
-CCE-93804-3
 CCE-93805-0
 CCE-93806-8
 CCE-93807-6