ComplianceAsCode · teacup-on-rockingchair · Aug 2, 2023 · Jul 26, 2023
diff --git a/linux_os/guide/system/apparmor/apparmor_configured/rule.yml b/linux_os/guide/system/apparmor/apparmor_configured/rule.yml
@@ -44,7 +44,7 @@ references:
     cis@sle15: 1.7.1.2
     disa: CCI-001764,CCI-001774,CCI-002165,CCI-002233,CCI-002235
     nist: AC-3(4),AC-6(8),AC-6(10),CM-7(5)(b),CM-7(2),SC-7(21),CM-6(a)
-    srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
+    srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
     stigid@sle12: SLES-12-010600
     stigid@sle15: SLES-15-010390
     stigid@ubuntu2004: UBTU-20-010439

diff --git a/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml b/linux_os/guide/system/apparmor/package_pam_apparmor_installed/rule.yml
@@ -22,7 +22,7 @@ references:
     cis@sle15: 1.7.1.1
     disa: CCI-001764,CCI-001774,CCI-002165,CCI-002233,CCI-002235
     nist: AC-3(4),AC-6(8),AC-6(10),CM-7(5)(b),CM-7(2),SC-7(21),CM-6(a)
-    srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
+    srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000312-GPOS-00124,SRG-OS-000324-GPOS-00125,SRG-OS-000326-GPOS-00126,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00230,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
     stigid@sle12: SLES-12-010600
     stigid@sle15: SLES-15-010390
 

diff --git a/shared/references/disa-stig-sle12-v2r10-xccdf-manual.xml b/shared/references/disa-stig-sle12-v2r10-xccdf-manual.xml
@@ -1044,7 +1044,7 @@ Users' home directories/folders may contain information of a sensitive nature. N
 
 Apparmor can confine users to their home directory, not allowing them to make any changes outside of their own home directories. Confining users to their home directory will minimize the risk of sharing information.
 
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125, SRG-OS-000326-GPOS-00126, SRG-OS-000370-GPOS-00155, SRG-OS-000480-GPOS-00230&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91865</ident><ident system="http://cyber.mil/legacy">V-77169</ident><ident system="http://cyber.mil/cci">CCI-001774</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002233</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-18384r646718_fix">Configure the SUSE operating system to blacklist all applications by default and permit by whitelist.
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125, SRG-OS-000326-GPOS-00126, SRG-OS-000370-GPOS-00155, SRG-OS-000480-GPOS-00230&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target SUSE Linux Enterprise Server 12</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>SUSE Linux Enterprise Server 12</dc:subject><dc:identifier>4033</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-91865</ident><ident system="http://cyber.mil/legacy">V-77169</ident><ident system="http://cyber.mil/cci">CCI-001774</ident><ident system="http://cyber.mil/cci">CCI-002165</ident><ident system="http://cyber.mil/cci">CCI-002233</ident><ident system="http://cyber.mil/cci">CCI-002235</ident><fixtext fixref="F-18384r646718_fix">Configure the SUSE operating system to blacklist all applications by default and permit by whitelist.
 
 Install "pam_apparmor" (if it is not installed) with the following command: