Add rule aide_scan_notification to sle micro 5 stig profile

controls/stig_slmicro5.yml

@@ -1366,8 +1366,9 @@ controls:
           SLEM 5 must notify the system administrator (SA) when Advanced Intrusion
           Detection Environment (AIDE) discovers anomalies in the operation of any security
           functions.
-      rules: []
-      status: pending
+      rules:
+          - aide_scan_notification
+      status: automated
 
     - id: SLEM-05-652010
       levels:

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml

@@ -12,7 +12,7 @@
   with_items:
     - aide
 
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
 - name: "{{{ rule_title }}} check service"
   ansible.builtin.blockinfile:
       create: yes

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh

@@ -3,7 +3,7 @@
 {{{ bash_package_install("aide") }}}
 {{{ bash_instantiate_variables("var_aide_scan_notification_email") }}}
 
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
 # create unit file for periodic aide database check
 cat > /etc/systemd/system/aidecheck.service <<CHECKEOF
 [Unit]

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/oval/shared.xml

@@ -11,7 +11,7 @@
           test_ref="test_aide_var_cron_notification" />
         <criterion comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)"
           test_ref="test_aide_crontabs_notification" />
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
         <criteria operator="AND">
           <criterion comment="notification started after check"
             test_ref="test_aidecheck_systemd_scan_before_notification"/>
@@ -52,7 +52,7 @@
     <ind:pattern operation="pattern match">^.*{{{ aide_bin_path }}}[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
   <ind:textfilecontent54_test check="all" check_existence="all_exist"
     id="test_aidecheck_systemd_scan_report" version="1"
     comment="report results of aide check, when started by systemd">
@@ -61,7 +61,7 @@
   <ind:textfilecontent54_object id="obj_aidecheck_systemd_report" version="1"
     comment="run aide check with output to a report file">
     <ind:filepath>/etc/systemd/system/aidecheck.service</ind:filepath>
-    <ind:pattern operation="pattern match">^ExecStart\=.*/usr/bin/aide[\s]*\-\-check.*\-r\s*file:\/w*.*$</ind:pattern>
+    <ind:pattern operation="pattern match">^.*ExecStart\=.*/usr/bin/aide[\s]*\-\-check.*\-r\s*file:\/w*.*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_test check="all" check_existence="all_exist"
@@ -72,7 +72,7 @@
   <ind:textfilecontent54_object id="obj_aidecheck_systemd_before_notification" version="1"
     comment="run aide check before notification">
     <ind:filepath>/etc/systemd/system/aidecheck.service</ind:filepath>
-    <ind:pattern operation="pattern match">^Before\=.*aidecheck-notify.service$</ind:pattern>
+    <ind:pattern operation="pattern match">^.*Before\=.*aidecheck-notify.service.*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_test check="all" check_existence="any_exist"
@@ -83,7 +83,7 @@
   <ind:textfilecontent54_object id="object_aidecheck_for_notification_enabled" version="1"
     comment="list of dependencies should include aidecheck.service">
     <ind:filepath>/etc/systemd/system/aidecheck.service</ind:filepath>
-    <ind:pattern operation="pattern match">^Wants\=.*aidecheck-notify.service.*$</ind:pattern>
+    <ind:pattern operation="pattern match">^.*Wants\=.*aidecheck-notify.service.*$</ind:pattern>
     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
   </ind:textfilecontent54_object>
 {{% endif %}}

linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml

@@ -32,6 +32,7 @@ identifiers:
     cce@rhel10: CCE-90177-7
     cce@sle12: CCE-83048-9
     cce@sle15: CCE-91214-7
+    cce@slmicro5: CCE-93722-7
 
 references:
     cis-csc: 1,11,12,13,15,16,2,3,5,7,8,9
@@ -54,7 +55,7 @@ ocil_clause: 'AIDE has not been configured or has not been configured to notify
 
 ocil: |-
     To determine that periodic AIDE execution has been scheduled, run the following command:
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
     <pre>$ sudo systemctl status  aidecheck-notify|grep loaded</pre>
     The output should return that the service is loaded.
     Also we should make sure that notification service is started by the check:
@@ -73,7 +74,7 @@ fixtext: |-
     The AIDE tool can be configured to email designated personnel with the use of the cron system.
 
     The following example output is generic. It will set cron to run AIDE daily and to send email at the completion of the analysis.
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
     $ cat > /etc/systemd/system/aidecheck-notify.service <<NOTIFYEOF
     [Unit]
         Description=Status email for AIDE check result

shared/references/cce-slmicro5-avail.txt

@@ -9,7 +9,6 @@ CCE-93709-4
 CCE-93713-6
 CCE-93711-0
 CCE-93712-8
-CCE-93722-7
 CCE-93726-8
 CCE-93743-3
 CCE-93757-3