From 81413b278e2c652dad81f7697ce27045f9cb37d0 Mon Sep 17 00:00:00 2001
From: rchikov
Date: Mon, 26 Aug 2024 11:48:49 +0200
Subject: [PATCH] Updated rules based on template service_enabled to support SLEM
---
 controls/stig_slmicro5.yml | 10 ++++++----
 .../guide/auditing/service_auditd_enabled/rule.yml | 1 +
 .../service_firewalld_enabled/rule.yml | 1 +
 shared/references/cce-slmicro5-avail.txt | 2 --
 4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index b2b930dd10a..d22cadddeea 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -408,8 +408,9 @@ controls:
 SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.
- rules: []
- status: pending
+ rules:
+ - service_firewalld_enabled
+ status: automated
 - id: SLEM-05-252010
 levels:
@@ -1330,8 +1331,9 @@ controls:
 title: SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
- rules: []
- status: pending
+ rules:
+ - service_auditd_enabled
+ status: automated
 - id: SLEM-05-653020
 levels:
diff --git a/linux_os/guide/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
index b42b126435e..5608116a86d 100644
--- a/linux_os/guide/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
@@ -30,6 +30,7 @@ identifiers:
 cce@rhel10: CCE-87955-1
 cce@sle12: CCE-83024-0
 cce@sle15: CCE-85581-7
+ cce@slmicro5: CCE-93768-0
 references:
 cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
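Review bot: In the `@@ -408` hunk of controls/stig_slmicro5.yml, `status: automated` with `service_firewalld_enabled` as the only rule overstates what is checked: the control text asks that functions, ports, protocols and services be restricted per the PPSM CAL, and an enabled firewalld says nothing about which zones, ports or services its configuration permits. Unless the STIG check text for this control is limited to the service state, I would set `status: partial` and add a `notes:` line saying the firewall rule content is reviewed manually. The `@@ -1330` hunk has the same shape: `service_auditd_enabled` shows the daemon is enabled, not that records carry event type, source, location and outcome, so confirm against the check text before keeping `automated` there. Both control entries begin above their hunks, so the ids being changed are not visible here.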
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 399f868b461..bca6850c3e0 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -22,6 +22,7 @@ identifiers:
 cce@rhel10: CCE-88110-2
 cce@sle12: CCE-91466-3
 cce@sle15: CCE-85751-6
+ cce@slmicro5: CCE-93769-8
 references:
 cis-csc: 11,3,9
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 836e2a29b3a..71d71b7615b 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -61,8 +61,6 @@ CCE-93764-9
 CCE-93765-6
 CCE-93766-4
 CCE-93767-2
-CCE-93768-0
-CCE-93769-8
 CCE-93770-6
 CCE-93771-4
 CCE-93772-2