Break Base SLE16 control file into sections

teacup-on-rockingchair · teacup-on-rockingchair · commit 02c73edb72d7 · 2025-11-03T09:18:53.000+02:00
The section files are placed in the base_sle16 directory, each section should cover a functional section of the control policy and has pre-allocated range of ids
diff --git a/controls/base_sle16.yml b/controls/base_sle16.yml
@@ -11,38 +11,3 @@ levels:
     - id: anssi_minimal
 
 product: sle16
-
-controls:
-    - id: SLES-16-16016015
-      levels:
-          - pcidss4
-          - anssi_minimal
-      title: SLES 16 must be a vendor-supported release.
-      rules:
-          - installed_OS_is_vendor_supported
-      status: automated
-
-    - id: SLES-16-16016020
-      title: Enable NX/XD Support
-      levels:
-          - pcidss4
-      automated: partially
-      rules:
-          - bios_enable_execution_restrictions
-          - install_PAE_kernel_on_x86-32
-
-    - id: SLES-16-16016025
-      title: Ensure All Files Are Owned by a Group
-      levels:
-          - anssi_minimal
-      rules:
-          - file_permissions_ungroupowned
-      status: automated
-
-    - id: SLES-16-16016030
-      title: Ensure All Files Are Owned by a User
-      levels:
-          - anssi_minimal
-      rules:
-          - no_files_unowned_by_user
-      status: automated
diff --git a/controls/base_sle16/0000_os_general.yml b/controls/base_sle16/0000_os_general.yml
@@ -0,0 +1,16 @@
+#
+# A group of rules regarding general operating system functionality
+# and system software installed
+#
+# SLES-16 ids allocated for this group from SLES-16-16016000 till SLES-16-16016099
+#
+
+controls:
+    - id: SLES-16-16016005
+      levels:
+          - pcidss4
+          - anssi_minimal
+      title: SLES 16 must be a vendor-supported release.
+      rules:
+          - installed_OS_is_vendor_supported
+      status: automated
diff --git a/controls/base_sle16/0100_file_ownership_n_permissions.yml b/controls/base_sle16/0100_file_ownership_n_permissions.yml
@@ -0,0 +1,20 @@
+#
+# Rules regarding secure file ownersip and permissions
+# SLES-16 ids allocated for this group from SLES-16-16016100 till SLES-16-16016399
+#
+controls:
+    - id: SLES-16-16016100
+      title: Ensure All Files Are Owned by a Group
+      levels:
+          - anssi_minimal
+      rules:
+          - file_permissions_ungroupowned
+      status: automated
+
+    - id: SLES-16-16016105
+      title: Ensure All Files Are Owned by a User
+      levels:
+          - anssi_minimal
+      rules:
+          - no_files_unowned_by_user
+      status: automated
diff --git a/controls/base_sle16/0400_kernel_paramters.yml b/controls/base_sle16/0400_kernel_paramters.yml
@@ -0,0 +1,14 @@
+#
+# A group of rules regarding kernel parameters and modules configuration and installation
+#
+# SLES-16 ids allocated for this group from SLES-16-16016400 till SLES-16-16016499
+#
+controls:
+    - id: SLES-16-16016400
+      title: Enable NX/XD Support
+      levels:
+          - pcidss4
+      automated: partially
+      rules:
+          - bios_enable_execution_restrictions
+          - install_PAE_kernel_on_x86-32
