From d0257791b18ec567deda7eba8d0131100dd5164b Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Mon, 23 Feb 2026 10:42:46 +0200
Subject: [PATCH 1/4] Make sure that distro delivered config in /usr/etc/ssh/sshd_config is also checked for permissions
---
products/sle16/product.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/products/sle16/product.yml b/products/sle16/product.yml
index 0dc5122176df..aabd27f77614 100644
--- a/products/sle16/product.yml
+++ b/products/sle16/product.yml
@@ -45,3 +45,5 @@ sysctl_remediate_drop_in_file: "true"
 journald_conf_dir_path: /etc/systemd/journal.d
 xwindows_packages:
 - xwayland
+
+sshd_main_config_file: /usr/etc/ssh/sshd_config
From 1d0e75b7b1689fe1c5b63e7a58bcebe106e0fce0 Mon Sep 17 00:00:00 2001
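Review bot: Setting `sshd_main_config_file` to the vendor copy under `/usr/etc` affects every rule and test that reads this variable, not only the permission check named in the subject; the second patch in this series, for example, has its test helpers `rm` the file at this path to "restore defaults", which would delete a distro-delivered file rather than a local override, and keeps scenarios that expect content in `/usr/etc/ssh/sshd_config` not to satisfy a rule. If only the permission rule should look at the vendor file, keep this variable on the administrator-managed path and introduce a separate variable for the vendor path. Later patches in the series are not visible here and may already revise this.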
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 24 May 2026 10:29:33 +0300 Subject: [PATCH 2/4] Simplify SLE16 handling in SSH rules - sle16 OVAL is removed and test for checking main config file exist is added - tests checking /usr/etc/ssh stuff are removed and tests use sshd_main_config_file and sshd_config_dir --- .../sshd_limit_user_access/oval/shared.xml | 17 ++ .../sshd_limit_user_access/oval/sle16.xml | 100 ---------- .../tests/allow_groups.pass.sh | 2 +- ...low_groups_etc_ssh_sshd_config_dir.pass.sh | 3 +- .../allow_groups_main_config_missing.fail.sh | 5 + .../tests/allow_users.pass.sh | 2 +- .../tests/allow_users_groups.pass.sh | 4 +- ...llow_users_usr_etc_ssh_sshd_config.pass.sh | 5 - .../sshd_limit_user_access/tests/common.sh | 14 +- .../deny_group_in_usr_etc_missing.fail.sh | 2 +- .../tests/deny_groups.pass.sh | 2 +- .../tests/deny_users.pass.sh | 2 +- .../tests/deny_users_groups.pass.sh | 4 +- ..._users_usr_etc_ssh_sshd_config_dir.pass.sh | 5 - .../tests/empty_groups.fail.sh | 4 +- .../tests/empty_users.fail.sh | 4 +- .../sshd_set_idle_timeout/oval/shared.xml | 8 + .../sshd_set_idle_timeout/oval/sle16.xml | 153 ---------------- .../sshd_set_login_grace_time/oval/shared.xml | 8 + .../sshd_set_login_grace_time/oval/sle16.xml | 153 ---------------- ...rect_value_etc_sshd_config_drop_in.pass.sh | 4 +- ...c_sshd_config_drop_in_missing_main.fail.sh | 5 + ...lue_in_usr_etc_sshd_config_present.fail.sh | 6 - .../correct_value_usr_etc_sshd_config.pass.sh | 5 - ..._value_usr_etc_sshd_config_drop_in.pass.sh | 5 - .../tests/include.sh | 12 +- .../tests/lower_bound.pass.sh | 2 +- .../tests/no_limit.fail.sh | 2 +- .../tests/too_high.fail.sh | 2 +- .../too_high_etc_sshd_config_drop_in.fail.sh | 2 +- .../too_high_usr_etc_sshd_config.fail.sh | 5 - ...o_high_usr_etc_sshd_config_drop_in.fail.sh | 5 - .../sshd_set_max_auth_tries/oval/shared.xml | 8 + .../sshd_set_max_auth_tries/oval/sle16.xml | 153 ---------------- 
...orrect_value_drop_in_main_missing.fail.sh} | 2 +- .../tests/correct_value_equals.pass.sh | 2 +- ...rect_value_etc_sshd_config_drop_in.pass.sh | 3 +- ...lue_in_usr_etc_sshd_config_present.fail.sh | 7 - .../tests/correct_value_less_than.pass.sh | 2 +- ..._value_usr_etc_sshd_config_drop_in.pass.sh | 6 - .../sshd_set_max_auth_tries/tests/include.sh | 14 +- ...rong_value_etc_sshd_config_drop_in.fail.sh | 3 +- .../tests/wrong_value_less_than_0.fail.sh | 2 +- .../tests/wrong_value_more_than.fail.sh | 2 +- .../wrong_value_usr_etc_sshd_config.fail.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.fail.sh | 6 - .../sshd_set_max_sessions/oval/shared.xml | 8 + .../sshd_set_max_sessions/oval/sle16.xml | 153 ---------------- ...rect_value_etc_sshd_config_drop_in.pass.sh | 3 +- ...lue_in_usr_etc_sshd_config_present.fail.sh | 7 - .../correct_value_usr_etc_sshd_config.pass.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.pass.sh | 6 - .../sshd_set_max_sessions/tests/include.sh | 14 +- .../tests/lower_bound.pass.sh | 8 +- .../tests/too_high.fail.sh | 8 +- ...rong_value_etc_sshd_config_drop_in.fail.sh | 3 +- .../wrong_value_usr_etc_sshd_config.fail.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.fail.sh | 6 - .../sshd_set_maxstartups/oval/shared.xml | 8 + .../sshd_set_maxstartups/oval/sle16.xml | 151 ---------------- ...rect_value_etc_sshd_config_drop_in.pass.sh | 3 +- ...lue_in_usr_etc_sshd_config_present.fail.sh | 7 - .../correct_value_usr_etc_sshd_config.pass.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.pass.sh | 6 - .../sshd_set_maxstartups/tests/include.sh | 14 +- .../tests/lenient_value_full.fail.sh | 6 +- .../tests/lenient_value_rate.fail.sh | 6 +- .../tests/lenient_value_start.fail.sh | 6 +- .../tests/stricter_value.pass.sh | 6 +- ...rong_value_etc_sshd_config_drop_in.fail.sh | 3 +- .../wrong_value_usr_etc_sshd_config.fail.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.fail.sh | 6 - .../sshd_use_strong_kex/ansible/shared.yml | 43 +++-- .../sshd_use_strong_kex/bash/shared.sh | 
31 ++-- .../sshd_use_strong_kex/oval/shared.xml | 9 + .../sshd_use_strong_kex/oval/sle16.xml | 171 ------------------ .../tests/commented.fail.sh | 5 +- .../tests/conflicting.fail.sh | 6 +- .../tests/conflicting_dir.fail.sh | 6 +- .../tests/correct_dir.pass.sh | 9 +- .../tests/correct_mixed.pass.sh | 5 +- .../tests/correct_subset.pass.sh | 4 +- .../tests/correct_value.pass.sh | 5 +- ...rect_value_etc_sshd_config_drop_in.pass.sh | 7 - ...lue_in_usr_etc_sshd_config_present.fail.sh | 7 - .../correct_value_usr_etc_sshd_config.pass.sh | 7 - ..._value_usr_etc_sshd_config_drop_in.pass.sh | 6 - .../tests/good_kex_sle.pass.sh | 4 +- .../sshd_use_strong_kex/tests/include.sh | 14 +- .../tests/weak_kex.fail.sh | 5 +- .../tests/weak_kex_dir.fail.sh | 7 +- ...rong_value_etc_sshd_config_drop_in.fail.sh | 6 - .../wrong_value_usr_etc_sshd_config.fail.sh | 6 - ..._value_usr_etc_sshd_config_drop_in.fail.sh | 6 - 94 files changed, 239 insertions(+), 1360 deletions(-) delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/sle16.xml create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_main_config_missing.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_usr_etc_ssh_sshd_config.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_usr_etc_ssh_sshd_config_dir.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/sle16.xml delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/sle16.xml create mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in_missing_main.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh delete mode 100644 
linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config_drop_in.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/sle16.xml rename linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/{correct_value_usr_etc_sshd_config.pass.sh => correct_value_drop_in_main_missing.fail.sh} (59%) delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/sle16.xml delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config.fail.sh delete mode 100644 
linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/sle16.xml delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/sle16.xml delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_etc_sshd_config_drop_in.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config.fail.sh delete mode 100644 linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/shared.xml index 64801d0bb571..1132337dc0c6 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/shared.xml @@ -6,14 +6,31 @@ {{{ oval_metadata("One of the following parameters of the sshd configuration file is set: AllowUsers, DenyUsers, AllowGroups, DenyGroups.", rule_title=rule_title) }}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + + + + + + + + + {{% else %}} + {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/sle16.xml deleted file mode 100644 index 8dce53384a11..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/oval/sle16.xml +++ /dev/null 
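Review bot: The existence test added for `sle16`/`slmicro6` is generated from `sshd_main_config`, whereas the product variable introduced in the first patch and used by every test script in this series is `sshd_main_config_file`; if these are two distinct template variables, confirm they resolve to the same path, otherwise the OVAL checks one file while the scenarios prepare another. The XML element names are stripped in this rendering, so the criteria wiring itself cannot be checked here; a one-line comment above the macro calls stating where `sshd_main_config` is defined would make the link explicit for the next reader.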
@@ -1,100 +0,0 @@ -{{% macro test_sshd_lineinfile(filepath, param, id) %}} -{{%- set object_id = filepath | replace("/", "_") | replace("-", "_") | replace(".", "_") -%}} - - - - - ^{{{ filepath }}} - (?i)^[ ]*{{{ param }}}[ ]+((?:[^ \n]+[ ]*)+)$ - 1 - -{{% endmacro %}} - -{{% macro test_sshd_lineindir(filepath, param, id) %}} -{{%- set object_id = filepath | replace("/", "_") | replace("-", "_") | replace(".", "_") -%}} - - - - - {{{ filepath }}} - .*\.conf$ - (?i)^[ ]*{{{ param }}}[ ]+((?:[^ \n]+[ ]*)+)$ - 1 - -{{% endmacro %}} - - - - {{{ oval_metadata("One of the following parameters of the sshd configuration file is set: AllowUsers, DenyUsers, AllowGroups, DenyGroups.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - {{{ test_sshd_lineinfile("/etc/ssh/sshd_config", "AllowUsers", "test_allow_user_is_configured_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/etc/ssh/sshd_config", "AllowGroups", "test_allow_groups_is_configured_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/etc/ssh/sshd_config", "DenyUsers", "test_deny_users_is_configured_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/etc/ssh/sshd_config", "DenyGroups", "test_deny_groups_is_configured_etc_ssh_sshdconfig") }}} - - {{{ test_sshd_lineinfile("/usr/etc/ssh/sshd_config", "AllowUsers", "test_allow_user_is_configured_usr_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/usr/etc/ssh/sshd_config", "AllowGroups", "test_allow_groups_is_configured_usr_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/usr/etc/ssh/sshd_config", "DenyUsers", "test_deny_users_is_configured_usr_etc_ssh_sshdconfig") }}} - {{{ test_sshd_lineinfile("/usr/etc/ssh/sshd_config", "DenyGroups", "test_deny_groups_is_configured_usr_etc_ssh_sshdconfig") }}} - - {{{ test_sshd_lineindir("/etc/ssh/sshd_config.d", "AllowUsers", "test_allow_user_is_configured_etc_ssh_sshdconfig_dir") }}} - {{{ 
test_sshd_lineindir("/etc/ssh/sshd_config.d", "AllowGroups", "test_allow_groups_is_configured_etc_ssh_sshdconfig_dir") }}} - {{{ test_sshd_lineindir("/etc/ssh/sshd_config.d", "DenyUsers", "test_deny_users_is_configured_etc_ssh_sshdconfig_dir") }}} - {{{ test_sshd_lineindir("/etc/ssh/sshd_config.d", "DenyGroups", "test_deny_groups_is_configured_etc_ssh_sshdconfig_dir") }}} - - {{{ test_sshd_lineindir("/usr/etc/ssh/sshd_config.d", "AllowUsers", "test_allow_user_is_configured_usr_etc_ssh_sshdconfig_dir") }}} - {{{ test_sshd_lineindir("/usr/etc/ssh/sshd_config.d", "AllowGroups", "test_allow_groups_is_configured_usr_etc_ssh_sshdconfig_dir") }}} - {{{ test_sshd_lineindir("/usr/etc/ssh/sshd_config.d", "DenyUsers", "test_deny_users_is_configured_usr_etc_ssh_sshdconfig_dir") }}} - {{{ test_sshd_lineindir("/usr/etc/ssh/sshd_config.d", "DenyGroups", "test_deny_groups_is_configured_usr_etc_ssh_sshdconfig_dir") }}} - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups.pass.sh index 0794a24e80a7..f0daa97ec5e2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash source common.sh -echo "AllowGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config +echo "AllowGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_etc_ssh_sshd_config_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_etc_ssh_sshd_config_dir.pass.sh index 2f5b763698b1..4a20959b1df7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_etc_ssh_sshd_config_dir.pass.sh 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_etc_ssh_sshd_config_dir.pass.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
 # platform = SUSE Linux Enterprise 16
 source common.sh
-echo "AllowGroups group" >> /etc/ssh/sshd_config.d/01-complianceascode-reinforce-os-defaults.conf
+touch "{{{ sshd_main_config_file }}}"
+echo "AllowGroups group" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_main_config_missing.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_main_config_missing.fail.sh
new file mode 100644
index 000000000000..9320d1b42562
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_groups_main_config_missing.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# remediation = none
+# platform = SUSE Linux Enterprise 16
+source common.sh
+echo "AllowGroups group" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users.pass.sh
index 520d0a048faa..7892981a666e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 source common.sh
-echo "AllowUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
+echo "AllowUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_groups.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_groups.pass.sh
index 6d6bd04f37b6..a874996ac7cc 100644
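Review bot: `touch "{{{ sshd_main_config_file }}}"` creates an empty main config and the `AllowGroups` entry goes only into `{{{ sshd_config_dir }}}`, so this pass scenario asserts that a drop-in satisfies the rule even when the main file contains no `Include` for that directory; that matches the daemon's behaviour only if sshd on SLE16 reads the drop-in directory regardless of the content of the local main file, which nothing in this series shows. A comment recording that assumption, e.g. `# the drop-in dir is read independently of the (empty) main config`, would explain why an empty main file is sufficient here.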
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_groups.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_groups.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 source common.sh
-echo "AllowUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
-echo "AllowGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config
+echo "AllowUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"
+echo "AllowGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_usr_etc_ssh_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_usr_etc_ssh_sshd_config.pass.sh
deleted file mode 100644
index 04b090c1a148..000000000000
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/allow_users_usr_etc_ssh_sshd_config.pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-source common.sh
-
-echo "AllowUsers testuser1 testuser2 testuser3" >> /usr/etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/common.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/common.sh
index 3c936c2321ce..51fa8540fad8 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/common.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/common.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
-declare -a SSHD_PATHS=("/etc/ssh/sshd_config")
-{{% if product == 'sle16' %}}
-SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*)
+declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}")
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")
 {{% endif %}}
 # clean up configurations
 sed -i '/^(Allow|Deny)(Users|Groups).*/d' "${SSHD_PATHS[@]}"
-# restore to defaults for sle16
-{{% if product == 'sle16' %}}
-if [ -e "/etc/ssh/sshd_config" ] ; then
- rm /etc/ssh/sshd_config
+# restore to defaults for sle16 and slmicro6
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+if [ -e "{{{ sshd_main_config_file }}}" ] ; then
+ rm "{{{ sshd_main_config_file }}}"
 fi
 {{% endif %}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_group_in_usr_etc_missing.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_group_in_usr_etc_missing.fail.sh
index 6d23da947c9d..50cb6a6c4089 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_group_in_usr_etc_missing.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_group_in_usr_etc_missing.fail.sh
@@ -3,5 +3,5 @@
 # platform = SUSE Linux Enterprise 16
 source common.sh
-touch /etc/ssh/sshd_config
+touch "{{{ sshd_main_config_file }}}"
 echo "DenyGroups testgroup" >> /usr/etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_groups.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_groups.pass.sh
index 16f6e9d3d58f..18daf92f9f70 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_groups.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_groups.pass.sh
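Review bot: The new `SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")` puts the wildcard inside double quotes, so the array receives a literal string ending in `/*` rather than the drop-in files, and the `sed -i` cleanup on the following line reports a missing file for that entry and never touches anything in `{{{ sshd_config_dir }}}`; the removed line expanded the glob unquoted, so this is a regression that lets an `AllowGroups`/`DenyGroups` drop-in from one scenario leak into the next. Keep the wildcard outside the quotes and handle an empty directory, e.g. `shopt -s nullglob` followed by `SSHD_PATHS+=("{{{ sshd_config_dir }}}"/*)`. Separately, `rm "{{{ sshd_main_config_file }}}"` now deletes whatever path the product defines; with the value from the first patch that is the vendor file under `/usr/etc`, which the `touch` in later scenarios cannot restore.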
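Review bot: The `echo` line keeps the hardcoded `/usr/etc/ssh/sshd_config` while the `touch` above now targets `{{{ sshd_main_config_file }}}`; with `sshd_main_config_file: /usr/etc/ssh/sshd_config` as set in the first patch, both lines address the same file, the `DenyGroups` entry lands in the main config, and this `.fail.sh` scenario would pass instead. The scenario only expresses its intent if the main config resolves to `/etc/ssh/sshd_config`, so either the product value or this test needs to change; a comment such as `# a DenyGroups in the vendor copy must not satisfy the rule` would also make the expectation explicit. Later patches in the series are not visible here.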
@@ -1,4 +1,4 @@
 #!/bin/bash
 source common.sh
-echo "DenyGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config
+echo "DenyGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users.pass.sh
index adb157baddd2..8ea7512083ec 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 source common.sh
-echo "DenyUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
+echo "DenyUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_groups.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_groups.pass.sh
index ebe08fb81dea..50c70652d179 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_groups.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_groups.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 source common.sh
-echo "DenyUsers testuser1 testuser2 testuser3" >> /etc/ssh/sshd_config
-echo "DenyGroups testgroup1 testgroup2 testgroup3" >> /etc/ssh/sshd_config
+echo "DenyUsers testuser1 testuser2 testuser3" >> "{{{ sshd_main_config_file }}}"
+echo "DenyGroups testgroup1 testgroup2 testgroup3" >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_usr_etc_ssh_sshd_config_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_usr_etc_ssh_sshd_config_dir.pass.sh
deleted file mode 100644
index bee5f9991a7c..000000000000
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/deny_users_usr_etc_ssh_sshd_config_dir.pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-source common.sh
-
-echo "DenyUsers user" >> /usr/etc/ssh/sshd_config.d/01-complianceascode-reinforce-os-defaults.conf
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_groups.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_groups.fail.sh
index 1f6c11f7a4d1..e10582bc587d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_groups.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_groups.fail.sh
@@ -2,5 +2,5 @@
 # remediation = none
 source common.sh
-echo "AllowGroups " >> /etc/ssh/sshd_config
-echo "DenyGroups " >> /etc/ssh/sshd_config
+echo "AllowGroups " >> "{{{ sshd_main_config_file }}}"
+echo "DenyGroups " >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_users.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_users.fail.sh
index 55ea7d01cde3..03c8f62149f2 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_users.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_limit_user_access/tests/empty_users.fail.sh
@@ -2,5 +2,5 @@
 # remediation = none
 source common.sh
-echo "AllowUsers " >> /etc/ssh/sshd_config
-echo "DenyUsers " >> /etc/ssh/sshd_config
+echo "AllowUsers " >> "{{{ sshd_main_config_file }}}"
+echo "DenyUsers " >> "{{{ sshd_main_config_file }}}"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml
index d5a4b06fe916..4a23972ad156 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/shared.xml @@ -29,6 +29,10 @@ definition_ref="package_openssh-server_installed" /> {{% endif %}} + {{%- if product in ["sle16", "slmicro6"] %}} + + {{%- endif %}} {{%- if sshd_distributed_config == "true" %}} @@ -48,6 +52,10 @@ + {{%- if product in ["sle16", "slmicro6"] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{%- endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/sle16.xml deleted file mode 100644 index 9c2ae2f9a78a..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/oval/sle16.xml +++ /dev/null @@ -1,153 +0,0 @@ - - - {{{ oval_metadata("The SSH idle timeout interval should be set to an appropriate value.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - - /etc/ssh/sshd_config - ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config - ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - 0 - - - - - - - - - - object_sshd_idle_timeout_etc - - - object_sshd_idle_timeout_config_dir - object_sshd_idle_timeout_usr_config_dir - - - - - - - - - - - - object_sshd_idle_timeout_usr - - - object_sshd_idle_timeout_config_dir - object_sshd_idle_timeout_usr_config_dir - - - - - - - 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/shared.xml index 53d51f2abb17..1450fe1feb68 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/shared.xml @@ -33,11 +33,19 @@ {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/sle16.xml deleted file mode 100644 index 23137efd78b8..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/oval/sle16.xml +++ /dev/null 
@@ -1,153 +0,0 @@ - - - {{{ oval_metadata("The SSH number seconds for login grace time should be set to an appropriate value.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - - /etc/ssh/sshd_config - ^[\s]*(?i)LoginGraceTime[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config - ^[\s]*(?i)LoginGraceTime[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)LoginGraceTime[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)LoginGraceTime[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - 0 - - - - - - - - - - object_sshd_login_grace_time_etc - - - object_sshd_login_grace_time_config_dir - object_sshd_login_grace_time_usr_config_dir - - - - - - - - - - - - object_sshd_login_grace_time_usr - - - object_sshd_login_grace_time_config_dir - object_sshd_login_grace_time_usr_config_dir - - - - - - - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in.pass.sh index a0f68b4a5ccb..faa55b0674e2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash # platform = SUSE Linux Enterprise 16 source include.sh - -echo "LoginGraceTime 60" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "LoginGraceTime 60" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf" 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in_missing_main.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in_missing_main.fail.sh
new file mode 100644
index 000000000000..73cb0fe2bcda
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_etc_sshd_config_drop_in_missing_main.fail.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# platform = SUSE Linux Enterprise 16
+source include.sh
+
+echo "LoginGraceTime 60" >> "{{{ sshd_config_dir }}}/01-complianceascode-reinforce-os-defaults.conf"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh
deleted file mode 100644
index b80e3832b591..000000000000
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-source include.sh
-
-touch /etc/ssh/sshd_config
-echo "LoginGraceTime 1" >> /usr/etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config.pass.sh
deleted file mode 100644
index 3ed15582de0b..000000000000
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config.pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-source include.sh
-
-echo "LoginGraceTime 1" >> /usr/etc/ssh/sshd_config
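Review bot: This new scenario carries no `# remediation = none` marker, unlike its counterpart `allow_groups_main_config_missing.fail.sh` added for `sshd_limit_user_access` in the same patch, so the harness will apply the rule's remediation and expect a pass afterwards; that only holds if the bash or ansible remediation creates the missing `{{{ sshd_main_config_file }}}`, which nothing in this series shows. Either add `# remediation = none` below the platform line, or state in a comment that the remediation is expected to create the main config so the asymmetry with the sibling test is deliberate.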
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh
deleted file mode 100644
index 1e72b109d85e..000000000000
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-source include.sh
-
-echo "LoginGraceTime 60" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/include.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/include.sh
index aee5eb2d0bec..cba906d74c37 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/include.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/include.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
-declare -a SSHD_PATHS=("/etc/ssh/sshd_config")
-{{% if product == 'sle16' %}}
-SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*)
+declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}")
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")
 {{% endif %}}
 # clean up configurations
 sed -i '/^LoginGraceTime.*/d' "${SSHD_PATHS[@]}"
 # restore to defaults for sle16
-{{% if product == 'sle16' %}}
-if [ -e "/etc/ssh/sshd_config" ] ; then
- rm /etc/ssh/sshd_config
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+if [ -e "{{{ sshd_main_config_file }}}" ] ; then
+ rm "{{{ sshd_main_config_file }}}"
 fi
 {{% endif %}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/lower_bound.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/lower_bound.pass.sh
index 809d3c1f4659..a6239403e449 100644
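Review bot: `SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")` quotes the wildcard, so the array holds a literal entry ending in `/*` instead of the drop-in files, and the `sed -i '/^LoginGraceTime.*/d'` cleanup that follows errors on that entry without clearing anything in `{{{ sshd_config_dir }}}`; the removed line expanded the glob unquoted, so a stale `LoginGraceTime` drop-in from a previous scenario can now make a `.fail.sh` scenario pass or a `.pass.sh` one fail. Use `shopt -s nullglob` and `SSHD_PATHS+=("{{{ sshd_config_dir }}}"/*)` so the expansion happens and an empty directory does not leave the pattern behind. The comment `# restore to defaults for sle16` is left unchanged while the condition now also covers `slmicro6`, so it is worth updating to match the `common.sh` wording in the same patch.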
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/lower_bound.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/lower_bound.pass.sh
@@ -2,7 +2,7 @@
 # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_pci-dss-4
 # platform = multi_platform_all
-SSHD_CONFIG="/etc/ssh/sshd_config"
+SSHD_CONFIG="{{{ sshd_main_config_file }}}"
 if grep -q "^LoginGraceTime" $SSHD_CONFIG; then
 sed -i "s/^LoginGraceTime.*/LoginGraceTime 1/" $SSHD_CONFIG
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/no_limit.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/no_limit.fail.sh
index 738969589112..23f711678731 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/no_limit.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/no_limit.fail.sh
@@ -2,7 +2,7 @@
 # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_pci-dss-4
 # platform = multi_platform_all
-SSHD_CONFIG="/etc/ssh/sshd_config"
+SSHD_CONFIG="{{{ sshd_main_config_file }}}"
 if grep -q "^LoginGraceTime" $SSHD_CONFIG; then
 sed -i "s/^LoginGraceTime.*/LoginGraceTime 0/" $SSHD_CONFIG
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high.fail.sh
index 959f7d699345..f95e3f785eb3 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high.fail.sh
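Review bot: `$SSHD_CONFIG` is expanded unquoted in the `grep -q` and `sed -i` lines that follow the changed assignment; now that the value comes from a product variable rather than a fixed literal, quote it, `if grep -q "^LoginGraceTime" "$SSHD_CONFIG"; then`, and likewise on the `sed -i` line. With `# platform = multi_platform_all` this script also runs on SLE16 without sourcing `include.sh`, so there it edits whatever `sshd_main_config_file` resolves to (the vendor file under `/usr/etc` with the first patch's value) rather than a scratch copy, which deserves a comment if intended. The `if` block continues past the end of the hunk.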
@@ -2,7 +2,7 @@ # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_pci-dss-4 # platform = multi_platform_all -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^LoginGraceTime" $SSHD_CONFIG; then sed -i "s/^LoginGraceTime.*/LoginGraceTime 61/" $SSHD_CONFIG diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_etc_sshd_config_drop_in.fail.sh index 35ea7b48f5f4..160a1cc67380 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_etc_sshd_config_drop_in.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_etc_sshd_config_drop_in.fail.sh @@ -2,4 +2,4 @@ # platform = SUSE Linux Enterprise 16 source include.sh -echo "LoginGraceTime 61" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +echo "LoginGraceTime 61" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config.fail.sh deleted file mode 100644 index 7010af0181bd..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config.fail.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -source include.sh - -echo "LoginGraceTime 61" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index 1cdd63bb777a..000000000000 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_login_grace_time/tests/too_high_usr_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -source include.sh - -echo "LoginGraceTime 61" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/shared.xml index ce045e925251..50d25a896906 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/shared.xml @@ -27,6 +27,10 @@ {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + {{% endif %}} {{% if sshd_distributed_config == "true" %}} @@ -38,6 +42,10 @@ + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/sle16.xml deleted file mode 100644 index a9452bfb71aa..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/oval/sle16.xml +++ /dev/null 
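Review bot: The second hunk of sshd_set_max_auth_tries/oval/shared.xml calls `oval_config_file_exists_test(sshd_main_config, rule_id=rule_id)` and `oval_config_file_exists_object(sshd_main_config, rule_id=rule_id)`, while the equivalent additions to sshd_set_max_sessions and sshd_set_maxstartups pass `sshd_main_config_file`, the product-level variable this series introduces. Unless `sshd_main_config` is defined earlier in this file outside the hunk, the template renders with an undefined value and the new existence test does not point at the main configuration file, which also undermines the renamed correct_value_drop_in_main_missing.fail.sh scenario that depends on it. Change both calls to `sshd_main_config_file` to match the other two rules. The XML element text around the macro calls is stripped in this view, so I could not confirm how the test is wired into the criteria.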
@@ -1,153 +0,0 @@ - - - {{{ oval_metadata("The SSH MaxAuthTries should be set to an appropriate value.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - - /etc/ssh/sshd_config - ^[\s]*(?i)MaxAuthTries[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config - ^[\s]*(?i)MaxAuthTries[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)MaxAuthTries[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)MaxAuthTries[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - 0 - - - - - - - - - - object_sshd_max_auth_tries_etc - - - object_sshd_max_auth_tries_config_dir - object_sshd_max_auth_tries_usr_config_dir - - - - - - - - - - - - object_sshd_max_auth_tries_usr - - - object_sshd_max_auth_tries_config_dir - object_sshd_max_auth_tries_usr_config_dir - - - - - - - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_drop_in_main_missing.fail.sh similarity index 59% rename from linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config.pass.sh rename to linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_drop_in_main_missing.fail.sh index d902aa806c16..24655020cb27 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_drop_in_main_missing.fail.sh @@ -3,4 +3,4 @@ # variables = sshd_max_auth_tries_value=4 source include.sh -echo "MaxAuthTries 4" >> /usr/etc/ssh/sshd_config +echo "MaxAuthTries 4" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_equals.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_equals.pass.sh index 677772e05aa0..4b7998b2f8e8 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_equals.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_equals.pass.sh @@ -2,7 +2,7 @@ # platform = multi_platform_all # variables = sshd_max_auth_tries_value=4 -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxAuthTries" $SSHD_CONFIG; then sed -i "s/^MaxAuthTries.*/MaxAuthTries 4/" $SSHD_CONFIG diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_etc_sshd_config_drop_in.pass.sh index 4262a6713622..78a9c7ec6e45 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_etc_sshd_config_drop_in.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_etc_sshd_config_drop_in.pass.sh @@ -3,4 +3,5 @@ # variables = sshd_max_auth_tries_value=4 source include.sh -echo "MaxAuthTries 4" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "MaxAuthTries 4" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh deleted file mode 100644 index 7b327ed220ce..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_max_auth_tries_value=4 -source include.sh - -touch /etc/ssh/sshd_config -echo "MaxAuthTries 4" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_less_than.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_less_than.pass.sh index e98176320dd5..65804b377bd3 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_less_than.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_less_than.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxAuthTries" $SSHD_CONFIG; then sed -i "s/^MaxAuthTries.*/MaxAuthTries 2/" $SSHD_CONFIG diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh deleted file mode 100644 index 0c0ad79ef4fe..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_max_auth_tries_value=4 -source include.sh - -echo "MaxAuthTries 4" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/include.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/include.sh index 9790bbcd68d0..694b65066496 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/include.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/include.sh 
@@ -1,15 +1,15 @@
 #!/bin/bash
-declare -a SSHD_PATHS=("/etc/ssh/sshd_config")
-{{% if product == 'sle16' %}}
-SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*)
+declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}")
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")
 {{% endif %}}
 
 # clean up configurations
 sed -i '/^MaxAuthTries.*/d' "${SSHD_PATHS[@]}"
 
-# restore to defaults for sle16
-{{% if product == 'sle16' %}}
-if [ -e "/etc/ssh/sshd_config" ] ; then
- rm /etc/ssh/sshd_config
+# restore to defaults for sle16 and slmicro6
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+if [ -e "{{{ sshd_main_config_file }}}" ] ; then
+ rm "{{{ sshd_main_config_file }}}"
 fi
 {{% endif %}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_etc_sshd_config_drop_in.fail.sh
index 41136d9eb40b..7545f3875f53 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_etc_sshd_config_drop_in.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_etc_sshd_config_drop_in.fail.sh
@@ -3,4 +3,5 @@
 # variables = sshd_max_auth_tries_value=4
 source include.sh
 
-echo "MaxAuthTries 20" >> /etc/ssh/sshd_config.d/01-complianceascode.conf
+touch "{{{ sshd_main_config_file }}}"
+echo "MaxAuthTries 20" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_less_than_0.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_less_than_0.fail.sh
index ea6c4df36e66..ba8a7202e36b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_less_than_0.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_less_than_0.fail.sh @@ -2,7 +2,7 @@ # platform = multi_platform_all # variables = sshd_max_auth_tries_value=4 -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxAuthTries" $SSHD_CONFIG; then sed -i "s/^MaxAuthTries.*/MaxAuthTries 0/" $SSHD_CONFIG diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_more_than.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_more_than.fail.sh index 22281380ef69..c0995287b6c5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_more_than.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_more_than.fail.sh @@ -2,7 +2,7 @@ # platform = multi_platform_all # variables = sshd_max_auth_tries_value=4 -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxAuthTries" $SSHD_CONFIG; then sed -i "s/^MaxAuthTries.*/MaxAuthTries 1000/" $SSHD_CONFIG diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config.fail.sh deleted file mode 100644 index 218e4deb2407..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_max_auth_tries_value=4 -source include.sh - -echo "MaxAuthTries 5" >> /usr/etc/ssh/sshd_config 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index 753e15c14404..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_max_auth_tries_value=4 -source include.sh - -echo "MaxAuthTries 0" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/shared.xml index 207e84401ee0..223f81be14f5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/shared.xml @@ -33,11 +33,19 @@ {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config_file, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config_file, rule_id=rule_id) }}} + {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/sle16.xml deleted file mode 100644 index 3acd7b75327d..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/oval/sle16.xml +++ /dev/null 
@@ -1,153 +0,0 @@ - - - {{{ oval_metadata("The SSH MaxSessions should be set to an appropriate value.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - - /etc/ssh/sshd_config - ^[\s]*(?i)MaxSessions[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config - ^[\s]*(?i)MaxSessions[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)MaxSessions[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - - - /usr/etc/ssh/sshd_config.d - .*\.conf$ - ^[\s]*(?i)MaxSessions[\s]+(\d+)[\s]*(?:#.*)?$ - 1 - - - - - - - - 0 - - - - - - - - - - object_sshd_max_session_etc - - - object_sshd_max_session_config_dir - object_sshd_max_session_usr_config_dir - - - - - - - - - - - - object_sshd_max_session_usr - - - object_sshd_max_session_config_dir - object_sshd_max_session_usr_config_dir - - - - - - - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_etc_sshd_config_drop_in.pass.sh index 7fdb6123803b..5d49019e0382 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_etc_sshd_config_drop_in.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_etc_sshd_config_drop_in.pass.sh @@ -3,4 +3,5 @@ # variables = var_sshd_max_sessions=4 source include.sh -echo "MaxSessions 4" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "MaxSessions 4" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh deleted file mode 100644 index 7f19908dcaea..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_max_sessions=4 -source include.sh - -touch /etc/ssh/sshd_config -echo "MaxSessions 4" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config.pass.sh deleted file mode 100644 index 180bd49bed98..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config.pass.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_max_sessions=4 -source include.sh - -echo "MaxSessions 4" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh deleted file mode 100644 index 622d36446727..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_max_sessions=4 -source include.sh - -echo "MaxSessions 4" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/include.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/include.sh index 4c8d058295d8..948f7c92d57b 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/include.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/include.sh @@ -1,15 +1,15 @@ #!/bin/bash -declare -a SSHD_PATHS=("/etc/ssh/sshd_config") -{{% if product == 'sle16' %}} -SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*) +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}") +{{% if product in [ 'sle16', 'slmicro6' ] %}} +SSHD_PATHS+=("{{{ sshd_config_dir }}}/*") {{% endif %}} # clean up configurations sed -i '/^MaxSessions.*/d' "${SSHD_PATHS[@]}" -# restore to defaults for sle16 -{{% if product == 'sle16' %}} -if [ -e "/etc/ssh/sshd_config" ] ; then - rm /etc/ssh/sshd_config +# restore to defaults for sle16 and slmicro6 +{{% if product in [ 'sle16', 'slmicro6' ] %}} +if [ -e "{{{ sshd_main_config_file }}}" ] ; then + rm "{{{ sshd_main_config_file }}}" fi {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/lower_bound.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/lower_bound.pass.sh index 3aef4b5886dc..8a3365b80060 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/lower_bound.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/lower_bound.pass.sh @@ -2,10 +2,10 @@ # profiles = xccdf_org.ssgproject.content_profile_cis # platform = multi_platform_all -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxSessions" $SSHD_CONFIG; then - sed -i "s/^MaxSessions.*/MaxSessions 0/" $SSHD_CONFIG - else - echo "MaxSessions 0" >> $SSHD_CONFIG + sed -i "s/^MaxSessions.*/MaxSessions 0/" $SSHD_CONFIG +else + echo "MaxSessions 0" >> $SSHD_CONFIG fi 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/too_high.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/too_high.fail.sh index db46a202630b..a273177ba5a0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/too_high.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/too_high.fail.sh @@ -2,10 +2,10 @@ # profiles = xccdf_org.ssgproject.content_profile_cis # platform = multi_platform_all -SSHD_CONFIG="/etc/ssh/sshd_config" +SSHD_CONFIG="{{{ sshd_main_config_file }}}" if grep -q "^MaxSessions" $SSHD_CONFIG; then - sed -i "s/^MaxSessions.*/MaxSessions 61/" $SSHD_CONFIG - else - echo "MaxSessions 61" >> $SSHD_CONFIG + sed -i "s/^MaxSessions.*/MaxSessions 61/" $SSHD_CONFIG +else + echo "MaxSessions 61" >> $SSHD_CONFIG fi diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_etc_sshd_config_drop_in.fail.sh index 606d55099420..4ee1998043a6 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_etc_sshd_config_drop_in.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_etc_sshd_config_drop_in.fail.sh @@ -3,4 +3,5 @@ # variables = var_sshd_max_sessions=4 source include.sh -echo "MaxSessions 20" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "MaxSessions 20" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config.fail.sh deleted file mode 100644 index fe6f5a820988..000000000000 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_max_sessions=4 -source include.sh - -echo "MaxSessions 5" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index 0c07b9608d42..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_max_sessions=4 -source include.sh - -echo "MaxSessions 10" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/shared.xml index abce348e2d50..6fd6cc22d0ea 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/shared.xml @@ -14,6 +14,10 @@ {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + {{% endif %}} @@ -21,6 +25,10 @@ + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config_file, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config_file, rule_id=rule_id) }}} + {{% endif %}} /etc/(ssh|ssh/sshd_config.d) (sshd_config|.*\.conf)$ diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/sle16.xml deleted file mode 100644 index 5ca10680c2a8..000000000000 
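Review bot: The existence check added to sshd_set_maxstartups/oval/shared.xml is keyed on `sshd_main_config_file`, yet the object directly below it still matches the hard-coded `/etc/(ssh|ssh/sshd_config.d)` path and `(sshd_config|.*\.conf)$` filename, so the file whose presence is asserted and the files whose MaxStartups value is read only coincide while the product variables resolve to /etc/ssh; deriving that pattern from `sshd_main_config_file` and `sshd_config_dir` would keep the two in step. With sle16.xml deleted, the vendor drop-in directory /usr/etc/ssh/sshd_config.d it used to scan is no longer evaluated on sle16/slmicro6; that appears intentional given the sshd_use_strong_kex remediation in this same patch removes the vendor Include, but on a host that has not been remediated a value set there still applies to sshd while the rule reports on other files. A short comment in the OVAL stating that only `{{{ sshd_config_dir }}}` is assessed, and why, would make that trade-off visible to whoever next compares check and remediation. The XML element text is stripped in this view, so I could not verify how the new test is joined into the criteria.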
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/oval/sle16.xml +++ /dev/null @@ -1,151 +0,0 @@ - - - {{{ oval_metadata("Ensure 'MaxStartups' is properly configured in SSH configuration files.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - - - - - - - - - ^(/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+(\d+):\d+:\d+\s*$ - 1 - - - ^(/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+\d+:(\d+):\d+\s*$ - 1 - - - ^(/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+\d+:\d+:(\d+)\s*$ - 1 - - - - - - - - - - - - - - - - - ^(/usr/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+(\d+):\d+:\d+\s*$ - 1 - - - ^(/usr/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+\d+:(\d+):\d+\s*$ - 1 - - - ^(/usr/etc/ssh|/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - (sshd_config|.*\.conf)$ - (?i)^\s*MaxStartups\s+\d+:\d+:(\d+)\s*$ - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_etc_sshd_config_drop_in.pass.sh index fc6371be73be..5fd15da4ad03 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_etc_sshd_config_drop_in.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_etc_sshd_config_drop_in.pass.sh 
@@ -3,4 +3,5 @@ # variables = var_sshd_set_maxstartups=10:30:60 source include.sh -echo "MaxStartups 10:30:60" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "MaxStartups 10:30:60" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh deleted file mode 100644 index 6905e07c838e..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_set_maxstartups=10:30:60 -source include.sh - -touch /etc/ssh/sshd_config -echo "MaxStartups 10:30:60" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config.pass.sh deleted file mode 100644 index 0a93fe6e32ec..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config.pass.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_set_maxstartups=10:30:60 -source include.sh - -echo "MaxStartups 10:30:60" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh deleted file mode 100644 index d2835b507b40..000000000000 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-# variables = var_sshd_set_maxstartups=10:30:60
-source include.sh
-
-echo "MaxStartups 10:30:60" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/include.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/include.sh
index 1f5b69d60b54..d9789622452f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/include.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/include.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
-declare -a SSHD_PATHS=("/etc/ssh/sshd_config")
-{{% if product == 'sle16' %}}
-SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*)
+declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}")
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")
 {{% endif %}}
 
 # clean up configurations
 sed -i '/^MaxStartups.*/d' "${SSHD_PATHS[@]}"
 
-# restore to defaults for sle16
-{{% if product == 'sle16' %}}
-if [ -e "/etc/ssh/sshd_config" ] ; then
- rm /etc/ssh/sshd_config
+# restore to defaults for sle16 and slmicro6
+{{% if product in [ 'sle16', 'slmicro6' ] %}}
+if [ -e "{{{ sshd_main_config_file }}}" ] ; then
+ rm "{{{ sshd_main_config_file }}}"
 fi
 {{% endif %}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_full.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_full.fail.sh
index b3f4fa8cd7fd..af07011652b9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_full.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_full.fail.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 # variables = var_sshd_set_maxstartups=10:30:60
 
-if grep -q "^MaxStartups" /etc/ssh/sshd_config; then
- sed -i "s/^MaxStartups.*/MaxStartups 10:30:61/" /etc/ssh/sshd_config
+if grep -q "^MaxStartups" "{{{ sshd_main_config_file }}}"; then
+ sed -i "s/^MaxStartups.*/MaxStartups 10:30:61/" "{{{ sshd_main_config_file }}}"
 else
- echo "MaxStartups 10:30:61" >> /etc/ssh/sshd_config
+ echo "MaxStartups 10:30:61" >> "{{{ sshd_main_config_file }}}"
 fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_rate.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_rate.fail.sh
index 4451e83b7005..8e0b2320ad8f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_rate.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_rate.fail.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 # variables = var_sshd_set_maxstartups=10:30:60
 
-if grep -q "^MaxStartups" /etc/ssh/sshd_config; then
- sed -i "s/^MaxStartups.*/MaxStartups 10:29:60/" /etc/ssh/sshd_config
+if grep -q "^MaxStartups" "{{{ sshd_main_config_file }}}"; then
+ sed -i "s/^MaxStartups.*/MaxStartups 10:29:60/" "{{{ sshd_main_config_file }}}"
 else
- echo "MaxStartups 10:29:60" >> /etc/ssh/sshd_config
+ echo "MaxStartups 10:29:60" >> "{{{ sshd_main_config_file }}}"
 fi
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_start.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_start.fail.sh
index 4a7ee0ad713e..1c375da9f7d6 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_start.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/lenient_value_start.fail.sh
@@ -1,8 +1,8 @@ #!/bin/bash # variables = var_sshd_set_maxstartups=10:30:60 -if grep -q "^MaxStartups" /etc/ssh/sshd_config; then - sed -i "s/^MaxStartups.*/MaxStartups 11:30:60/" /etc/ssh/sshd_config +if grep -q "^MaxStartups" "{{{ sshd_main_config_file }}}"; then + sed -i "s/^MaxStartups.*/MaxStartups 11:30:60/" "{{{ sshd_main_config_file }}}" else - echo "MaxStartups 11:30:60" >> /etc/ssh/sshd_config + echo "MaxStartups 11:30:60" >> "{{{ sshd_main_config_file }}}" fi diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/stricter_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/stricter_value.pass.sh index 0170b792fb01..6ca796cfb4b0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/stricter_value.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/stricter_value.pass.sh @@ -1,8 +1,8 @@ #!/bin/bash # variables = var_sshd_set_maxstartups=10:30:60 -if grep -q "^MaxStartups" /etc/ssh/sshd_config; then - sed -i "s/^MaxStartups.*/MaxStartups 5:60:30/" /etc/ssh/sshd_config +if grep -q "^MaxStartups" "{{{ sshd_main_config_file }}}"; then + sed -i "s/^MaxStartups.*/MaxStartups 5:60:30/" "{{{ sshd_main_config_file }}}" else - echo "MaxStartups 5:60:30" >> /etc/ssh/sshd_config + echo "MaxStartups 5:60:30" >> "{{{ sshd_main_config_file }}}" fi diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_etc_sshd_config_drop_in.fail.sh index 39d6dae3afc2..07190ade93b0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_etc_sshd_config_drop_in.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_etc_sshd_config_drop_in.fail.sh 
@@ -3,4 +3,5 @@ # variables = var_sshd_set_maxstartups=10:30:60 source include.sh -echo "MaxStartups 10:30:61" >> /etc/ssh/sshd_config.d/01-complianceascode.conf +touch "{{{ sshd_main_config_file }}}" +echo "MaxStartups 10:30:61" >> "{{{ sshd_config_dir }}}/01-complianceascode.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config.fail.sh deleted file mode 100644 index 9bfce7c33062..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_set_maxstartups=10:30:60 -source include.sh - -echo "MaxStartups 10:29:60" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index a0781811a3a3..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_maxstartups/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = var_sshd_set_maxstartups=10:30:60 -source include.sh - -echo "MaxStartups 11:30:60">> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/ansible/shared.yml index 82b732e0e66b..7181b9f5d948 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/ansible/shared.yml 
@@ -6,22 +6,27 @@ {{{ ansible_instantiate_variables("sshd_strong_kex") }}} -{{%- if product == 'sle16' -%}} - {{{ - ansible_sshd_set_usr( - parameter="KexAlgorithms", - value="{{ sshd_strong_kex }}", - copy_defaults='true', - rule_title=rule_title - ) - }}} -{{%- else -%}} - {{{ - ansible_sshd_set( - parameter="KexAlgorithms", - value="{{ sshd_strong_kex }}", - config_is_distributed=sshd_distributed_config, - rule_title=rule_title - ) - }}} -{{%- endif -%}} +{{% if product in [ 'sle16', 'slmicro6' ] %}} +{{{ ansible_copy_distro_defaults("/usr/etc/ssh/sshd_config", sshd_main_config_file, rule_title=rule_title) }}} +- name: Check if SSH {{{ sshd_main_config_file }}} configuration file exists + ansible.builtin.stat: + path: {{{ sshd_main_config_file }}} + register: sshd_main_config_file_{{{ rule_id }}} +{{{ + ansible_lineinfile( + rule_title + ' - Remove /usr/etc/ssh/sshd_config.d/*.conf include directive from ' + sshd_main_config_file, + path=sshd_main_config_file, + regex='^\s*Include\s+\/usr\/etc\/ssh\/sshd_config\.d/\*\.conf', + state='absent', + when='sshd_main_config_file_' + rule_id + '.stat.exists' + ) +}}} +{{% endif %}} +{{{ + ansible_sshd_set( + parameter="KexAlgorithms", + value="{{ sshd_strong_kex }}", + config_is_distributed=sshd_distributed_config, + rule_title=rule_title + ) +}}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/bash/shared.sh index de205aedd670..5ff1f54850e6 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/bash/shared.sh 
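Review bot: The Include-removal regex `'^\s*Include\s+\/usr\/etc\/ssh\/sshd_config\.d/\*\.conf'` in the new ansible_lineinfile task is case-sensitive, but sshd matches keywords case-insensitively, so a line spelled `include /usr/etc/ssh/sshd_config.d/*.conf` survives and the vendor drop-ins keep winning over the hardened KexAlgorithms (sshd uses the first value it obtains). Prefix the pattern, e.g. `regex='(?i)^\s*Include\s+/usr/etc/ssh/sshd_config\.d/\*\.conf'`, as the removed `ansible_sshd_set_usr` macro did for its `line_regex`. A one-line comment above the task would also help the next reader, since dropping that Include silently disables every vendor drop-in, not only the one that may carry KexAlgorithms: `# vendor drop-ins are included first and would take precedence over the hardened value`. `ansible_copy_distro_defaults` is defined outside this hunk, so I cannot tell what mode the copied main config ends up with.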
@@ -5,22 +5,15 @@ # disruption = low {{{ bash_instantiate_variables("sshd_strong_kex") }}} -{{%- if product == 'sle16' -%}} - {{{ - bash_sshd_remediation_usr( - parameter="KexAlgorithms", - value="$sshd_strong_kex", - copy_defaults=true, - rule_id=rule_id - ) - }}} -{{%- else -%}} - {{{ - bash_sshd_remediation( - parameter="KexAlgorithms", - value="$sshd_strong_kex", - config_is_distributed=sshd_distributed_config, - rule_id=rule_id - ) - }}} -{{%- endif -%}} +{{% if product in ['sle16', 'slmicro6'] %}} + {{{ bash_copy_distro_defaults("/usr/etc/ssh/sshd_config", sshd_main_config_file) }}} + {{{ lineinfile_absent(sshd_main_config_file, "^\s*Include\s*/usr/etc/ssh/sshd_config\.d/\*\.conf", sed_path_separator="#", rule_id=rule_id) }}} +{{% endif %}} +{{{ + bash_sshd_remediation( + parameter="KexAlgorithms", + value="$sshd_strong_kex", + config_is_distributed=sshd_distributed_config, + rule_id=rule_id + ) +}}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/shared.xml index b47bab42117f..467a249ad61e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/shared.xml @@ -26,6 +26,10 @@ {{% endif %}} + {{% if product in [ 'sle16', 'slmicro6' ] %}} + + {{% endif %}} {{%- if sshd_distributed_config == "true" %}} @@ -38,6 +42,11 @@ + {{% if product in [ 'sle16', 'slmicro6' ] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{% endif %}} + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/sle16.xml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/sle16.xml deleted file mode 100644 index d6c8fb2432cf..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/oval/sle16.xml +++ /dev/null 
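Review bot: The bash counterpart `lineinfile_absent(sshd_main_config_file, "^\s*Include\s*/usr/etc/ssh/sshd_config\.d/\*\.conf", sed_path_separator="#", rule_id=rule_id)` does not pass `insensitive=true` (the removed `bash_sshd_remediation_usr` did), so a lower-case `include` directive is left in place and the vendor drop-ins still take precedence over the hardened KexAlgorithms; it also uses `\s*` where the Ansible version uses `\s+`, so the two remediations do not match the same lines. Suggested call: `{{{ lineinfile_absent(sshd_main_config_file, "^\s*Include\s\+/usr/etc/ssh/sshd_config\.d/\*\.conf", insensitive=true, sed_path_separator="#", rule_id=rule_id) }}}`. If `bash_copy_distro_defaults` finds no `/usr/etc/ssh/sshd_config` to copy and the main config does not exist, the `sed -i` that this expands to will fail on the missing file, which may be worth a guard; that macro is defined outside this hunk, so I cannot confirm its behaviour.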
@@ -1,171 +0,0 @@ - - - {{{ oval_metadata("Limit the Key Exchange Algorithms to those which are FIPS-approved.", rule_title=rule_title) }}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ^/etc/ssh/sshd_config - - - - - - - - - var_sshd_config_kex - - - - - - - - - - - - - - /etc/ssh/sshd_config - ^[\s]*(?i)KexAlgorithms(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ - 1 - - - - - - - - - - var_sshd_config_kex_usr - - - - - - - - - - - - - - /usr/etc/ssh/sshd_config - ^[\s]*(?i)KexAlgorithms(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ - 1 - - - - - - - - - var_sshd_config_kex_config_dir - - - - - - - - ^(/etc/ssh/sshd_config.d|/usr/etc/ssh/sshd_config.d) - .*\.conf$ - ^[\s]*(?i)KexAlgorithms(?-i)[\s]+([\w,-@]+)+[\s]*(?:#.*)?$ - 1 - - - - - - - - - - - - - - - obj_sshd_config_kex - obj_sshd_config_kex_config_dir - - - - - - - - - - obj_sshd_config_kex_usr - obj_sshd_config_kex_config_dir - - - - - - - - - - - diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/commented.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/commented.fail.sh index aa2ea90547a0..9ca5bffc1697 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/commented.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/commented.fail.sh 
@@ -2,6 +2,5 @@ # platform = multi_platform_all # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "# KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config - +source include.sh +echo "# KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting.fail.sh index 6ce03e4e919f..9c8781f15b8c 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting.fail.sh 
@@ -7,7 +7,7 @@ # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config +source include.sh +echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_main_config_file }}}" -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /etc/ssh/sshd_config +echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting_dir.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting_dir.fail.sh index fc75008123c1..a508503c308f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting_dir.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/conflicting_dir.fail.sh 
@@ -7,7 +7,7 @@ # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config +source include.sh +echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_main_config_file }}}" -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /etc/ssh/sshd_config.d/00-test.conf +echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> "{{{ sshd_config_dir }}}/00-test.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_dir.pass.sh index c781c48b0aec..108f323e16e5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_dir.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_dir.pass.sh 
@@ -6,7 +6,8 @@ {{% endif %}} # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 - -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config.d/00-test.conf - +source include.sh +{{% if product in [ 'sle16', 'slmicro6' ] %}} +touch "{{{ sshd_main_config_file }}}" +{{% endif %}} +echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_config_dir }}}/00-test.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_mixed.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_mixed.pass.sh index a413c563def1..cc2b654b6fb2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_mixed.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_mixed.pass.sh 
@@ -2,6 +2,5 @@ # platform = multi_platform_all # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms diffie-hellman-group18-sha512,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512" >> /etc/ssh/sshd_config - +source include.sh +echo "KexAlgorithms diffie-hellman-group18-sha512,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_subset.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_subset.pass.sh index 49ff0efa8ff6..857f119341dc 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_subset.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_subset.pass.sh @@ -2,5 +2,5 @@ # platform = multi_platform_all # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config +source include.sh +echo "KexAlgorithms diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_main_config_file }}}" 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value.pass.sh index 55b6586c9ab4..27814911e71e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value.pass.sh @@ -2,6 +2,5 @@ # platform = multi_platform_all # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> /etc/ssh/sshd_config - +source include.sh +echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_etc_sshd_config_drop_in.pass.sh deleted file mode 100644 index 7a794f42a4b1..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_etc_sshd_config_drop_in.pass.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 - -source include.sh - -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256" >> /etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh deleted file mode 100644 index 9c44448054f2..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_in_usr_etc_sshd_config_present.fail.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -source include.sh - -touch /etc/ssh/sshd_config -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config.pass.sh deleted file mode 100644 index 0577aad9bd14..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config.pass.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 - -source include.sh - -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256" >> /usr/etc/ssh/sshd_config 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh deleted file mode 100644 index ab24bed01ba1..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/correct_value_usr_etc_sshd_config_drop_in.pass.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -source include.sh - -echo "KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/good_kex_sle.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/good_kex_sle.pass.sh index d77889a0db6a..71bfdf518fb7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/good_kex_sle.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/good_kex_sle.pass.sh @@ -2,5 +2,5 @@ # platform = multi_platform_sle,multi_platform_ubuntu # variables = sshd_strong_kex=diffie-hellman-group14-sha256 -sed -i 's/^\s*KexAlgorithms\s.*//i' /etc/ssh/sshd_config -echo "KexAlgorithms diffie-hellman-group14-sha256" >> /etc/ssh/sshd_config +source include.sh +echo "KexAlgorithms diffie-hellman-group14-sha256" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/include.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/include.sh index 179b7b36e808..5da471c9a943 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/include.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/include.sh 
@@ -1,15 +1,15 @@ #!/bin/bash -declare -a SSHD_PATHS=("/etc/ssh/sshd_config") -{{% if product == 'sle16' %}} -SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/* /etc/ssh/sshd_config.d/*) +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}") +{{% if product in [ 'sle16', 'slmicro6' ] %}} +SSHD_PATHS+=("{{{ sshd_config_dir }}}/*") {{% endif %}} # clean up configurations sed -i '/^KexAlgorithms.*/d' "${SSHD_PATHS[@]}" -# restore to defaults for sle16 -{{% if product == 'sle16' %}} -if [ -e "/etc/ssh/sshd_config" ] ; then - rm /etc/ssh/sshd_config +# restore to defaults for sle16 and slmicro6 +{{% if product in [ 'sle16', 'slmicro6' ] %}} +if [ -e "{{{ sshd_main_config_file }}}" ] ; then + rm "{{{ sshd_main_config_file }}}" fi {{% endif %}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex.fail.sh index 1404e6112a59..85b4577ebb7e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex.fail.sh @@ -2,6 +2,5 @@ # platform = multi_platform_all # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /etc/ssh/sshd_config - +source include.sh +echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> "{{{ sshd_main_config_file }}}" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex_dir.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex_dir.fail.sh index f301850ebaa5..6890faeba3d6 100644 
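Review bot: `SSHD_PATHS+=("{{{ sshd_config_dir }}}/*")` quotes the glob, so the array receives the literal string `/etc/ssh/sshd_config.d/*` rather than the drop-in files, and `sed -i '/^KexAlgorithms.*/d' "${SSHD_PATHS[@]}"` only reports that it cannot read that path; stale KexAlgorithms lines in existing drop-ins are never removed, which can flip the correct_dir/conflicting_dir results. The replaced line expanded its globs unquoted; use `SSHD_PATHS+=({{{ sshd_config_dir }}}/*)` (with `shopt -s nullglob` above it so an empty directory does not leave the literal pattern in the array). Separately, the drop-in directory is now only cleaned for sle16/slmicro6, whereas every test previously ran `sed -i ... /etc/ssh/sshd_config.d/*` on all platforms; if `sshd_distributed_config` is true for other products the cleanup should add the directory unconditionally.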
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex_dir.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/weak_kex_dir.fail.sh @@ -6,5 +6,8 @@ {{% endif %}} # variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -sed -i '/^\s*KexAlgorithms\s/Id' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /etc/ssh/sshd_config.d/00-test.conf +source include.sh +{{% if product in [ 'sle16', 'slmicro6' ] %}} +touch "{{{ sshd_main_config_file }}}" +{{% endif %}} +echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> "{{{ sshd_config_dir }}}/00-test.conf" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index a1a7b95bafff..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -source include.sh - -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /etc/ssh/sshd_config.d/01-complianceascode.conf diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config.fail.sh deleted file mode 100644 index df52b52f680d..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config.fail.sh +++ /dev/null 
@@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -source include.sh - -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /usr/etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh deleted file mode 100644 index 2a71c2a3bd53..000000000000 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/tests/wrong_value_usr_etc_sshd_config_drop_in.fail.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -# variables = sshd_strong_kex=curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256 -source include.sh - -echo "KexAlgorithms diffie-hellman-group-exchange-sha1" >> /usr/etc/ssh/sshd_config.d/01-complianceascode.conf From aa1e8f7fad49ff06a2c0d5f578ea54f8e88699ff Mon Sep 17 00:00:00 2001 From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 24 May 2026 10:30:55 +0300 Subject: [PATCH 3/4] Add sed separator changes as in PR#14698 --- shared/macros/10-ansible.jinja | 127 ++------------------------- shared/macros/10-bash.jinja | 61 ++----------- shared/macros/10-oval.jinja | 155 ++------------------------------- 3 files changed, 22 insertions(+), 321 deletions(-) diff --git a/shared/macros/10-ansible.jinja b/shared/macros/10-ansible.jinja index a740bd51d488..66fc25da9b3e 100644 --- a/shared/macros/10-ansible.jinja +++ b/shared/macros/10-ansible.jinja 
@@ -180,6 +180,10 @@ value: :code:`Setting={{ varname1 }}` - {{{ config_dir }}} contains: {{{ line_regex }}} register: _config_dir_has_parameter +- name: {{{ rule_title }}} - Check if {{{ config_file }}} exists + ansible.builtin.stat: + path: {{{ config_file }}} + register: _config_file_exists - name: {{{ rule_title }}} - Check if the parameter {{{ parameter }}} is configured correctly in {{{ config_file }}} ansible.builtin.lineinfile: path: {{{ config_file }}} @@ -188,6 +192,7 @@ value: :code:`Setting={{ varname1 }}` check_mode: true changed_when: false register: _config_file_correctly + when: _config_file_exists.stat.exists - name: {{{ rule_title }}} - Check if the parameter {{{ parameter }}} is configured correctly in {{{ config_dir }}} ansible.builtin.find: paths: @@ -201,7 +206,9 @@ value: :code:`Setting={{ varname1 }}` {{{ ansible_find("Check if the parameter " + parameter + " is present in " + config_dir, paths=config_dir, contains=line_regex, register=dir_parameter, when=find_when)|indent }}} {{{ ansible_lineinfile("Remove parameter from files in " + config_dir, path="{{ item.path }}", regex=line_regex, insensitive=insensitive, state="absent", with_items=lineinfile_items, when=lineinfile_when)|indent }}} {{{ ansible_lineinfile("Insert correct line to " + set_file, set_file, regex=line_regex, insensitive=insensitive, new_line=new_line, create=create, state='present', validate=validate, insert_after=insert_after, insert_before=insert_before)|indent }}} - when: (_config_file_correctly.found == 0 and _config_dir_correctly.matched == 0) or ((_config_file_has_parameter.found | int) + (_config_dir_has_parameter.matched | int)) != 1 + when: + - _config_file_correctly is not skipped + - (_config_file_correctly.found == 0 and _config_dir_correctly.matched == 0) or ((_config_file_has_parameter.found | int) + (_config_dir_has_parameter.matched | int)) != 1 {{%- endmacro %}} 
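Review bot: The new `when: - _config_file_correctly is not skipped` on the remediation block means that when `{{{ config_file }}}` does not exist the whole block is skipped, so the parameter is never written to the main file or the drop-in even though `create` is passed to the final lineinfile; the earlier hard failure of lineinfile-in-check-mode on a missing file is replaced by a silent no-op. If I read the OVAL change in this series correctly, a missing main config now also fails the check on sle16/slmicro6, so check and remediation would never converge on such a host. Treat a missing file as "parameter not found" instead, e.g. `when: ((_config_file_correctly.found | default(0)) == 0 and _config_dir_correctly.matched == 0) or (((_config_file_has_parameter.found | default(0)) | int) + (_config_dir_has_parameter.matched | int)) != 1`. The task that registers `_config_file_has_parameter` is above this hunk and presumably needs the same stat guard.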
@@ -2421,124 +2428,6 @@ lines will be inserted at the beginning of the profile. when: dconf_user_profile_blockinfile is changed {{%- endmacro -%}} - -{{# - - Set a sshd configuration parameter to a value for system with /usr - located default config - -:parameter msg: Message to be set as Task Title, if not set the rule's title will be used instead -:type msg: str -:parameter parameter: Parameter to set -:type parameter: str -:parameter value: The value to set -:type value: str -:param copy_defaults: If true default sshd configuration in /usr/etc/ssh/sshd_config will be -copied onto /etc/ssh/sshd_config, if /etc/ssh/sshd_config does not exist -:type copy_defaults: bool -:parameter config_basename: drop-in filename of sshd configuration file -:type config_basename: str - -#}} -{{%- macro ansible_sshd_set_usr(msg='', parameter='', value='', copy_defaults=true, config_basename="00-complianceascode-hardening.conf", rule_title=None) %}} -{{%- set sshd_config_path = "/etc/ssh/sshd_config" %}} -{{%- set sshd_usr_config_path = "/usr/etc/ssh/sshd_config" %}} -{{%- set sshd_config_dir = "/etc/ssh/sshd_config.d" -%}} -{{%- set sshd_usr_config_dir = "/usr/etc/ssh/sshd_config.d" -%}} -{{%- set ssh_paths = ['/etc/ssh/sshd_config.d', '/usr/etc/ssh/sshd_config.d'] -%}} -{{%- set config_file = "/etc/ssh/sshd_config.d/" ~ config_basename -%}} -{{%- set new_line = parameter + ' ' + value -%}} -{{%- set line_regex = "(?i)^\s*" + "{{ \"" + parameter + "\"| regex_escape }}" + "\s+" -%}} -{{%- set dir_parameter = "sshd_config_d_has_parameter" -%}} -{{%- set lineinfile_items = "{{ " + dir_parameter + ".files }}" -%}} - -- name: {{{ rule_title }}} - Copy default {{{ sshd_usr_config_path }}} to {{{ sshd_config_path }}} - ansible.builtin.copy: - src: {{{ sshd_usr_config_path }}} - dest: {{{ sshd_config_path }}} - force: no - mode: '0600' -- name: {{{ rule_title }}} - Check if the parameter {{{ parameter }}} is configured in sshd configuration(s) - ansible.builtin.find: - paths: - - 
'/etc/ssh' - - '/usr/etc/ssh' - - {{{ sshd_config_dir }}} - - {{{ sshd_usr_config_dir }}} - contains: {{{ line_regex }}} - patterns: - - '*.conf' - - 'sshd_config' - register: _sshd_config_has_parameter -- name: {{{ rule_title }}} - Check if the parameter {{{ parameter }}} is configured correctly in sshd configuration(s) - ansible.builtin.find: - paths: - - '/etc/ssh' - - '/usr/etc/ssh' - - {{{ sshd_config_dir }}} - - {{{ sshd_usr_config_dir }}} - contains: {{{ line_regex ~ value ~ "$" }}} - patterns: - - '*.conf' - - 'sshd_config' - register: _sshd_config_correctly -- name: '{{{ msg or rule_title }}}' - block: - {{{ ansible_lineinfile( - "Deduplicate values from " + sshd_config_path, - sshd_config_path, - regex=line_regex, - insensitive='false', - create='no', - state='absent')|indent }}} - {{{ ansible_lineinfile( - "Deduplicate values from " + sshd_usr_config_path, - sshd_usr_config_path, - regex=line_regex, - insensitive='false', - create='no', - state='absent')|indent }}} - - name: "{{{ rule_title }}} - Check if the parameter {{{ parameter }}} is present in {{{ sshd_config_dir }}} and in {{{ sshd_usr_config_dir }}}" - ansible.builtin.find: - paths: {{{ ssh_paths }}} - recurse: 'yes' - follow: 'no' - contains: '(?i)^\s*{{ "{{{ parameter }}}"| regex_escape }}\s+' - register: {{{ dir_parameter }}} - {{{ ansible_lineinfile( - "Remove parameter from files in " + sshd_config_dir, - path="{{ item.path }}", - regex=line_regex, - state="absent", - with_items=lineinfile_items)|indent}}} - {{{ ansible_lineinfile( - "Remove parameter from files in " + sshd_usr_config_dir, - path="{{ item.path }}", - regex=line_regex, - state="absent", - with_items=lineinfile_items)|indent }}} - {{{ ansible_lineinfile( - "Insert correct line to " + config_file, - config_file, - regex=line_regex, - insensitive='false', - new_line=new_line, - create='yes', - state='present', - validate='/usr/sbin/sshd -t -f %s', - insert_after='', - insert_before="BOF" )|indent }}} - when: 
_sshd_config_correctly.matched == 0 or _sshd_config_has_parameter.matched != 1 - -- name: {{{ rule_title }}} - set file mode for {{{ config_file }}} - ansible.builtin.file: - path: {{{ config_file }}} - mode: '0600' - state: touch - modification_time: preserve - access_time: preserve -{{%- endmacro %}} - - {{# copy source file to destination file if destination does not exist diff --git a/shared/macros/10-bash.jinja b/shared/macros/10-bash.jinja index 5fa5c8f0618b..a1601082b544 100644 --- a/shared/macros/10-bash.jinja +++ b/shared/macros/10-bash.jinja @@ -1325,9 +1325,12 @@ fi {{% if sed_path_separator in regex %}} {{{ raise("regex (" + regex + ") uses sed path separator (" + sed_path_separator + ") in " + rule_id) }}} {{% endif %}} -LC_ALL=C sed -i "{{{ sed_path_separator }}}{{{ regex }}}{{{ sed_path_separator }}}{{{ modifier }}}" "{{{ path }}}" -{{%- endmacro -%}} - + {{%- if sed_path_separator != "/" -%}} + # non default delimiter with delete operation needs to be escaped + LC_ALL=C sed -i "\{{{ sed_path_separator }}}{{{ regex }}}{{{ sed_path_separator }}}{{{ modifier }}}" "{{{ path }}}" + {{%- else -%}} + LC_ALL=C sed -i "{{{ sed_path_separator }}}{{{ regex }}}{{{ sed_path_separator }}}{{{ modifier }}}" "{{{ path }}}" + {{%- endif -%}}{{%- endmacro -%}} {{%- macro lineinfile_absent_in_directory(dirname, regex, insensitive=true, filename_glob="*") -%}} {{%- if insensitive -%}} 
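Review bot: The explanatory line `# non default delimiter with delete operation needs to be escaped` is a shell comment inside the macro body, so it is emitted into every generated remediation script that uses a non-default separator; a Jinja comment (`{{# ... #}}`) keeps the note for template readers without changing the rendered output. The leading `\{{{ sed_path_separator }}}` is the correct escape for an address with a custom delimiter, but it is only valid for address commands; the macro takes `modifier` as a parameter, so if any caller passes a substitution rather than `d` the escaped form breaks — I cannot see the callers from this hunk, so a short note on the parameter (or an explicit check that `modifier` is an address command) would make the assumption visible.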
@@ -2774,58 +2777,6 @@ This macro creates a Bash conditional which checks the system architecture in /p ( grep -sqE "^.*\.{{{ arch }}}$" /proc/sys/kernel/osrelease || grep -sqE "^{{{ arch }}}$" /proc/sys/kernel/arch; ) {{%- endmacro -%}} - -{{# - Set a sshd configuration parameter to a value for system with default configuration in /usr subdir - -:parameter parameter: Parameter to set -:type parameter: str -:parameter value: The value to set -:type value: str -:param copy_defaults: If true default sshd configuration in /usr/etc/ssh/sshd_config will be -copied onto /etc/ssh/sshd_config, if /etc/ssh/sshd_config does not exist -:type copy_defaults: bool -:parameter config_basename: drop-in filename of sshd configuration file -:type config_basename: str - -#}} -{{% macro bash_sshd_remediation_usr(parameter, value, copy_defaults="true", config_basename="00-complianceascode-hardening.conf", rule_id=None) -%}} -{{%- set sshd_config_path = "/etc/ssh/sshd_config" %}} -{{%- set sshd_config_dir = "/etc/ssh/sshd_config.d" -%}} -{{%- set sshd_usr_config_path = "/usr/etc/ssh/sshd_config" %}} -{{%- set sshd_usr_config_dir = "/usr/etc/ssh/sshd_config.d" -%}} -{{%- set prefix_regex = "^\s*" -%}} -{{%- set separator_regex = "\s\+" -%}} -{{%- set hardening_config_basename = config_basename %}} -{{%- set line_regex = prefix_regex ~ parameter ~ separator_regex %}} - -if ! 
[ -e "{{{ sshd_config_path }}}" ] ; then - cp "{{{ sshd_usr_config_path }}}" "{{{ sshd_config_path }}}" -fi - -mkdir -p {{{ sshd_config_dir }}} -touch {{{ sshd_config_dir }}}/{{{ hardening_config_basename }}} -chmod 0600 {{{ sshd_config_dir }}}/{{{ hardening_config_basename }}} -{{{ lineinfile_absent(sshd_config_path, line_regex, insensitive=true, rule_id=rule_id) }}} -{{{ lineinfile_absent_in_directory(sshd_config_dir, line_regex, insensitive=true, filename_glob="*.conf") }}} -{{{ lineinfile_absent(sshd_usr_config_path, line_regex, insensitive=true, rule_id=rule_id) }}} -{{{ lineinfile_absent_in_directory(sshd_usr_config_dir, line_regex, insensitive=true, filename_glob="*.conf") }}} -{{{ set_config_file( - path=sshd_config_dir ~ "/" ~ hardening_config_basename, - parameter=parameter, - value=value, - create=true, - insert_after="", - insert_before="BOF", - insensitive=true, - separator=" ", - separator_regex=separator_regex, - prefix_regex=prefix_regex, rule_id=rule_id) - }}} -{{%- endmacro %}} - - - {{# copy source file to destination file if destination does not exist diff --git a/shared/macros/10-oval.jinja b/shared/macros/10-oval.jinja index fdea8f3d0d5c..8fad1b6934ef 100644 --- a/shared/macros/10-oval.jinja +++ b/shared/macros/10-oval.jinja @@ -1083,6 +1083,9 @@ Generates the :code:`` tag for OVAL check using correct product platfo {{%- if runtime_check != "true" %}} + {{%- if product in ["sle16", "slmicro6"] %}} + + {{%- endif %}} {{{- oval_line_in_file_criterion(sshd_main_config, parameter, avoid_conflicting=true, rule_id=rule_id) | indent(12)}}} {{%- if config_is_distributed == "true" %}} {{{- oval_line_in_directory_criterion(sshd_drop_in_dir, parameter, avoid_conflicting=true, rule_id=rule_id) | indent(12) }}} 
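Review bot: The product switch `{{%- if product in ["sle16", "slmicro6"] %}}` hard-codes the product list inside a shared macro, and the same literal list recurs in this file's next hunk and in the ansible, bash and test templates of patch 4/4. A boolean product property read from product.yml (placeholder name `sshd_distro_defaults_in_usr`), tested here as `{{%- if sshd_distro_defaults_in_usr %}}`, would keep the decision in one place and make adding a product a one-line change. Note also that this hunk closes the block with `{{%- endif %}}` while the next one uses `{{%- endif -%}}`; the trailing `-` there swallows the newline before the following `ol8`/`ol9` block, so the two should be made consistent once the rendered OVAL has been checked. The enclosing macro starts and ends outside this hunk.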
@@ -1105,6 +1108,11 @@ Generates the :code:`` tag for OVAL check using correct product platfo {{{ oval_line_in_file_define_variable(xccdf_variable, datatype) }}} {{% endif %}} + {{%- if product in ["sle16", "slmicro6"] %}} + {{{ oval_config_file_exists_test(sshd_main_config, rule_id=rule_id) }}} + {{{ oval_config_file_exists_object(sshd_main_config, rule_id=rule_id) }}} + {{%- endif -%}} + {{% if product in ["ol8", "ol9"] %}} {{{ oval_line_in_file_object(sshd_main_config, parameter="include", id_stem="sshd_include_value_" ~ rule_id, rule_id=rule_id, ** case_insensitivity_kwargs)| indent (2) }}} - - {{{ oval_metadata(description, rule_title=rule_title) }}} - - - - - - - - - - - - - {{{ oval_line_in_file_criterion(sshd_config_path, parameter, avoid_conflicting=true, rule_id=rule_id) | indent(12)}}} - {{{ oval_line_in_directory_criterion(sshd_config_dir, parameter, avoid_conflicting=true, rule_id=rule_id) | indent(12) }}} - {{{ oval_line_in_file_criterion(sshd_usr_config_dir, parameter, id_stem=rule_id ~ "_sshd_usr_config_dir") | indent(12) }}} - - {{%- if not missing_parameter_pass -%}} - - {{%- endif -%}} - - - - - - - - - - - {{{ oval_line_in_file_criterion(sshd_usr_config_path, parameter, avoid_conflicting=true, id_stem=rule_id ~ "_sshd_usr_config_path") | indent(12)}}} - {{{ oval_line_in_directory_criterion(sshd_config_dir, parameter, avoid_conflicting=true, rule_id=rule_id) | indent(12) }}} - {{{ oval_line_in_file_criterion(sshd_usr_config_dir, parameter, id_stem=rule_id ~ "_sshd_usr_config_dir") | indent(12) }}} - - {{%- if not missing_parameter_pass -%}} - - {{%- endif -%}} - - - - - - - {{{ oval_config_file_exists_test(sshd_config_path, rule_id=rule_id) }}} - {{{ oval_config_file_exists_object(sshd_config_path, rule_id=rule_id) }}} - - {{{ oval_line_in_file_test(sshd_config_path, parameter, avoid_conflicting=true, rule_id=rule_id) | indent (2) }}} - {{{ oval_line_in_file_object(sshd_config_path, parameter=parameter, rule_id=rule_id, ** 
case_insensitivity_kwargs)| indent (2) }}} - - {{{ oval_line_in_directory_test(sshd_config_dir, parameter, avoid_conflicting=true, rule_id=rule_id) | indent (2) }}} - {{{ oval_line_in_directory_object(sshd_config_dir, parameter=parameter, rule_id=rule_id, ** case_insensitivity_kwargs) | indent (2) }}} - {{%- if xccdf_variable -%}} - {{{ oval_line_in_file_define_variable(xccdf_variable, datatype) }}} - {{{ oval_line_in_file_state_xccdf_variable(xccdf_variable, datatype=datatype, rule_id=rule_id) }}} - {{{ oval_line_in_directory_state_xccdf_variable(xccdf_variable, datatype, rule_id=rule_id) | indent (2) }}} - {{{ oval_line_in_file_state_xccdf_variable(var_name=xccdf_variable, datatype=datatype, id_stem=rule_id ~ "_sshd_usr_config_path") | indent (2) }}} - {{{ oval_line_in_file_state_xccdf_variable(var_name=xccdf_variable, datatype=datatype, id_stem=rule_id ~ "_sshd_usr_config_dir") | indent (2) }}} - {{%- else -%}} - {{{ oval_line_in_file_state(value, rule_id=rule_id) | indent (2) }}} - {{{ oval_line_in_directory_state(value, rule_id=rule_id) | indent (2) }}} - {{{ oval_line_in_file_state(value, id_stem=rule_id ~ "_sshd_usr_config_path") | indent (2) }}} - {{{ oval_line_in_file_state(value, id_stem=rule_id ~ "_sshd_usr_config_dir") | indent (2) }}} - {{%- endif -%}} - - {{{ oval_line_in_file_test(sshd_usr_config_path, parameter, avoid_conflicting=true, id_stem=rule_id ~ "_sshd_usr_config_path") | indent (2) }}} - {{{ oval_line_in_file_object(sshd_usr_config_path, parameter=parameter, id_stem=rule_id ~ "_sshd_usr_config_path", ** case_insensitivity_kwargs)| indent (2) }}} - {{{ oval_line_in_file_test(sshd_usr_config_dir, parameter, avoid_conflicting=true, id_stem=rule_id ~ "_sshd_usr_config_dir") | indent (2) }}} - {{{ oval_line_in_file_object(sshd_usr_config_dir, parameter=parameter, filename_regex=".*\.conf$", id_stem=rule_id ~ "_sshd_usr_config_dir", ** case_insensitivity_kwargs) | indent (2) }}} - - {{%- if not missing_parameter_pass -%}} - - - - obj_{{{ rule_id 
}}} - obj_{{{ rule_id }}}_config_dir - - - obj_{{{ rule_id }}}_sshd_usr_config_dir - - - - - - - - - - - - obj_{{{ rule_id }}}_config_dir - - - obj_{{{ rule_id }}}_sshd_usr_config_path - obj_{{{ rule_id }}}_sshd_usr_config_dir - - - - - - - - {{%- endif -%}} - -{{%- endmacro -%}} - - {{# Macro to check if external variable is set to value :param filepath: Path to the configuration file to be checked. From 4b2936bad38fe60c212cd29cf9c364c446130f70 Mon Sep 17 00:00:00 2001 
From: teacup-on-rockingchair <315160+teacup-on-rockingchair@users.noreply.github.com> Date: Sun, 24 May 2026 10:31:43 +0300 Subject: [PATCH 4/4] Update sshd_lineinfile template to better fit SLE16 platform - ansible copy distro defaults and remove Include /usr/etc/ssh/sshd_config.d/*.conf from main config - bash copy distro defaults and remove Include /usr/etc/ssh/sshd_config.d/*.conf from main config - removed no longer needed tests checking /usr/etc/ssh stuff - tests now use sshd_main_config_file and sshd_config_dir(oracle specific test remain unchanged) --- .../sshd_lineinfile/ansible.template | 70 ++++++++----------- .../templates/sshd_lineinfile/bash.template | 17 ++--- .../templates/sshd_lineinfile/oval.template | 64 +++++------------ .../templates/sshd_lineinfile/tests/common.sh | 11 ++- .../tests/correct_value_directory.pass.sh | 2 +- .../correct_value_usr_config_dir.pass.sh | 9 --- .../correct_value_usr_config_path.pass.sh | 13 ---- .../tests/duplicated_param.pass.sh | 9 +-- .../tests/duplicated_param_directory.pass.sh | 17 ++--- .../tests/line_not_there.fail.sh | 18 ++--- .../tests/main_config_missing.fail.sh | 12 ++++ .../tests/param_conflict.fail.sh | 15 ++-- .../tests/param_conflict_directory.fail.sh | 14 ++-- ...param_conflict_file_with_directory.fail.sh | 14 ++-- .../sshd_lineinfile/tests/wrong_value.fail.sh | 12 ++-- .../tests/wrong_value_directory.fail.sh | 12 ++-- .../tests/wrong_value_usr_config_dir.fail.sh | 14 ---- .../tests/wrong_value_usr_config_path.fail.sh | 16 ----- 18 files changed, 134 insertions(+), 205 deletions(-) delete mode 100644 shared/templates/sshd_lineinfile/tests/correct_value_usr_config_dir.pass.sh delete mode 100644 shared/templates/sshd_lineinfile/tests/correct_value_usr_config_path.pass.sh create mode 100644 shared/templates/sshd_lineinfile/tests/main_config_missing.fail.sh delete mode 100644 shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_dir.fail.sh delete mode 100644 
shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_path.fail.sh
diff --git a/shared/templates/sshd_lineinfile/ansible.template b/shared/templates/sshd_lineinfile/ansible.template
index 0739450cdf24..97d7a94a8ade 100644
--- a/shared/templates/sshd_lineinfile/ansible.template
+++ b/shared/templates/sshd_lineinfile/ansible.template
@@ -4,46 +4,38 @@ # complexity = low # disruption = low +{{% if product in [ 'sle16', 'slmicro6' ] %}} +{{{ ansible_copy_distro_defaults("/usr/etc/ssh/sshd_config", sshd_main_config_file, rule_title=rule_title) }}} +- name: Check if SSH {{{ sshd_main_config_file }}} configuration file exists + ansible.builtin.stat: + path: {{{ sshd_main_config_file }}} + register: sshd_main_config_file_{{{ rule_id }}} +{{{ + ansible_lineinfile( + rule_title + ' - Remove /usr/etc/ssh/sshd_config.d/*.conf include directive from ' + sshd_main_config_file, + path=sshd_main_config_file, + regex='^\s*Include\s+\/usr\/etc\/ssh\/sshd_config\.d/\*\.conf', + state='absent', + when='sshd_main_config_file_' + rule_id + '.stat.exists' + ) +}}} +{{% endif %}} + {{% if XCCDF_VARIABLE %}} {{{ ansible_instantiate_variables(XCCDF_VARIABLE) }}} - {{%- if product == 'sle16' -%}} - {{{ - ansible_sshd_set_usr( - parameter=PARAMETER, - value="{{ "+XCCDF_VARIABLE+" }}", - copy_defaults='true', - config_basename=CONFIG_BASENAME, - rule_title=rule_title - ) - }}} - {{%- else -%}} - {{{ - ansible_sshd_set( - parameter=PARAMETER, - value="{{ "+XCCDF_VARIABLE+" }}", - config_is_distributed=sshd_distributed_config, - config_basename=CONFIG_BASENAME, rule_title=rule_title) - }}} - {{%- endif -%}} + {{{ + ansible_sshd_set( + parameter=PARAMETER, + value="{{ "+XCCDF_VARIABLE+" }}", + config_is_distributed=sshd_distributed_config, + config_basename=CONFIG_BASENAME, rule_title=rule_title) + }}} {{% else %}} - {{%- if product == 'sle16' -%}} - {{{ - ansible_sshd_set_usr( - parameter=PARAMETER, - value=VALUE, - copy_defaults='true', - config_basename=CONFIG_BASENAME, - rule_title=rule_title - ) - }}} - {{%- else -%}} - {{{ - ansible_sshd_set( - parameter=PARAMETER, - value=VALUE, - config_is_distributed=sshd_distributed_config, - config_basename=CONFIG_BASENAME, rule_title=rule_title) - }}} - {{%- endif -%}} - + {{{ + ansible_sshd_set( + parameter=PARAMETER, + value=VALUE, + 
config_is_distributed=sshd_distributed_config, + config_basename=CONFIG_BASENAME, rule_title=rule_title) + }}} {{% endif %}} diff --git a/shared/templates/sshd_lineinfile/bash.template b/shared/templates/sshd_lineinfile/bash.template index 4bec19d82f43..2ec3a9ac9136 100644 --- a/shared/templates/sshd_lineinfile/bash.template +++ b/shared/templates/sshd_lineinfile/bash.template @@ -4,17 +4,14 @@ # complexity = low # disruption = low +{{% if product in ['sle16', 'slmicro6'] %}} + {{{ bash_copy_distro_defaults("/usr/etc/ssh/sshd_config", sshd_main_config_file) }}} + {{{ lineinfile_absent(sshd_main_config_file, "^\s*Include\s*/usr/etc/ssh/sshd_config\.d/\*\.conf", sed_path_separator="#", rule_id=rule_id) }}} +{{% endif %}} + {{% if XCCDF_VARIABLE %}} {{{- bash_instantiate_variables(XCCDF_VARIABLE) -}}} - {{%- if product == 'sle16' -%}} - {{{- bash_sshd_remediation_usr(parameter=PARAMETER, value="$" ~ XCCDF_VARIABLE, copy_defaults=true, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} - {{%- else -%}} - {{{- bash_sshd_remediation(parameter=PARAMETER, value="$" ~ XCCDF_VARIABLE, config_is_distributed=sshd_distributed_config, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} - {{%- endif -%}} + {{{- bash_sshd_remediation(parameter=PARAMETER, value="$" ~ XCCDF_VARIABLE, config_is_distributed=sshd_distributed_config, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} {{%- else -%}} - {{%- if product == 'sle16' -%}} - {{{- bash_sshd_remediation_usr(parameter=PARAMETER, value=VALUE, copy_defaults=true, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} - {{%- else -%}} - {{{- bash_sshd_remediation(parameter=PARAMETER, value=VALUE, config_is_distributed=sshd_distributed_config, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} - {{%- endif -%}} + {{{- bash_sshd_remediation(parameter=PARAMETER, value=VALUE, config_is_distributed=sshd_distributed_config, config_basename=CONFIG_BASENAME, rule_id=rule_id) -}}} {{%- endif -%}} 
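Review bot: The Include-removal regex `'^\s*Include\s+\/usr\/etc\/ssh\/sshd_config\.d/\*\.conf'` is case-sensitive although sshd matches keywords case-insensitively, and it disagrees with the bash template's counterpart, which uses `\s*` after `Include` and unescaped slashes; `regex='(?i)^\s*Include\s+/usr/etc/ssh/sshd_config\.d/\*\.conf'` in both templates would make the two remediations remove the same lines. Removing that Include also means drop-ins shipped under /usr/etc/ssh/sshd_config.d are no longer read by sshd at all, which is a wider change than setting one parameter and happens for every rule rendered from this template; the template header should state it, e.g. `# On sle16/slmicro6 the distro defaults are copied to {{{ sshd_main_config_file }}} and the Include of /usr/etc/ssh/sshd_config.d/*.conf is removed from that copy`. The `when` on the lineinfile task reads correctly since the stat is registered after the copy, but a comment saying the ordering is deliberate would keep a later reorder from breaking it.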
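Review bot: `bash_copy_distro_defaults("/usr/etc/ssh/sshd_config", sshd_main_config_file)` followed by `lineinfile_absent(sshd_main_config_file, ...)` assumes sshd_main_config_file resolves to a path outside /usr/etc; if a product's product.yml sets it to /usr/etc/ssh/sshd_config itself, the copy is a self-copy and the `sed -i` rewrites the vendor-shipped file, so a build-time guard `{{% if sshd_main_config_file == "/usr/etc/ssh/sshd_config" %}}{{{ raise("sshd_main_config_file must not be the distro default path in " + rule_id) }}}{{% endif %}}` would catch that misconfiguration. The lineinfile_absent call also passes no `insensitive=true` (the removed bash_sshd_remediation_usr passed it on every call), so an `include` spelled in another case survives; add `insensitive=true` and use `\s+` after `Include` to match the ansible template. bash_copy_distro_defaults and lineinfile_absent are defined outside this hunk.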
diff --git a/shared/templates/sshd_lineinfile/oval.template b/shared/templates/sshd_lineinfile/oval.template index 20e9534ff10f..81ca13802a9e 100644 --- a/shared/templates/sshd_lineinfile/oval.template +++ b/shared/templates/sshd_lineinfile/oval.template @@ -1,53 +1,27 @@ -{{%- if product == 'sle16' -%}} - {{%- if XCCDF_VARIABLE -%}} - {{{ - sshd_oval_check_usr( - parameter=PARAMETER, - xccdf_variable=XCCDF_VARIABLE, - missing_parameter_pass=MISSING_PARAMETER_PASS, - datatype=DATATYPE, - rule_id=rule_id, - rule_title=rule_title - ) - }}} - {{%- else -%}} - {{{ - sshd_oval_check_usr( +{{%- if XCCDF_VARIABLE -%}} + {{{ + sshd_oval_check( parameter=PARAMETER, - value=VALUE, - missing_parameter_pass=MISSING_PARAMETER_PASS, - datatype=DATATYPE, - rule_id=rule_id, - rule_title=rule_title - ) - }}} - {{%- endif -%}} -{{%- else -%}} - {{%- if XCCDF_VARIABLE -%}} - {{{ - sshd_oval_check( - parameter=PARAMETER, - xccdf_variable=XCCDF_VARIABLE, - missing_parameter_pass=MISSING_PARAMETER_PASS, - config_is_distributed=sshd_distributed_config, - runtime_check=sshd_runtime_check, - datatype=DATATYPE, - rule_id=rule_id, - rule_title=rule_title - ) - }}} - {{%- else -%}} - {{{ - sshd_oval_check( - parameter=PARAMETER, - value=VALUE, + xccdf_variable=XCCDF_VARIABLE, missing_parameter_pass=MISSING_PARAMETER_PASS, config_is_distributed=sshd_distributed_config, runtime_check=sshd_runtime_check, datatype=DATATYPE, rule_id=rule_id, rule_title=rule_title - ) - }}} - {{%- endif -%}} + ) + }}} +{{%- else -%}} + {{{ + sshd_oval_check( + parameter=PARAMETER, + value=VALUE, + missing_parameter_pass=MISSING_PARAMETER_PASS, + config_is_distributed=sshd_distributed_config, + runtime_check=sshd_runtime_check, + datatype=DATATYPE, + rule_id=rule_id, + rule_title=rule_title + ) + }}} {{%- endif -%}} diff --git a/shared/templates/sshd_lineinfile/tests/common.sh b/shared/templates/sshd_lineinfile/tests/common.sh index 23d7937088af..2fc494bfb51f 100644 
--- a/shared/templates/sshd_lineinfile/tests/common.sh +++ b/shared/templates/sshd_lineinfile/tests/common.sh @@ -1,15 +1,12 @@ #!/bin/bash -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" -declare -a SSHD_PATHS=("/etc/ssh/sshd_config" /etc/ssh/sshd_config.d/*) -{{% if product == 'sle16' %}} -SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/*) -{{% endif %}} +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then sed -i "s/^{{{ PARAMETER }}}.*/# {{{ PARAMETER }}} {{{ CORRECT_VALUE }}}/g" "${SSHD_PATHS[@]}" else - echo "# {{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /etc/ssh/sshd_config + echo "# {{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_main_config_file }}}" fi diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh index c0926871f3a3..6dbfe129b6d6 100644 --- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh +++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh @@ -8,7 +8,7 @@ source common.sh {{% if product in ["ol8", "ol9"] %}} -{{{ bash_replace_or_append("/etc/ssh/sshd_config", "Include", "/etc/ssh/sshd_config.d/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} +{{{ bash_replace_or_append("{{{ sshd_main_config_file }}}", "Include", "{{{ sshd_config_dir }}}/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} {{% endif %}} {{{ bash_sshd_remediation(parameter=PARAMETER, value=CORRECT_VALUE, config_is_distributed=sshd_distributed_config, rule_id=rule_id) -}}} diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_dir.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_dir.pass.sh deleted file mode 100644 index b853676b0552..000000000000 
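Review bot: `declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*")` quotes the `*`, so pathname expansion is suppressed and the array holds one literal `.../*` element that `grep -q` and `sed -i` then report as a missing file, while the real drop-in files are never searched or edited; the old line kept the glob unquoted. Move the glob outside the quotes: `declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}"/*)`. The same line appears in duplicated_param.pass.sh, duplicated_param_directory.pass.sh, line_not_there.fail.sh, param_conflict.fail.sh, param_conflict_directory.fail.sh, param_conflict_file_with_directory.fail.sh, wrong_value.fail.sh and wrong_value_directory.fail.sh. In line_not_there.fail.sh the array is additionally built before the `mkdir -p`/`touch` lines, so even an unquoted glob would be evaluated against a directory that may not exist yet; declare it after those two lines.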
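Review bot: `bash_replace_or_append("{{{ sshd_main_config_file }}}", "Include", "{{{ sshd_config_dir }}}/*.conf", ...)` nests `{{{ }}}` inside the string arguments of a `{{{ }}}` call; within a Jinja expression those are plain string literals, so unless the test scenarios get a second rendering pass the generated script contains the literal text `{{{ sshd_main_config_file }}}`. Pass the variables as expressions instead: `bash_replace_or_append(sshd_main_config_file, "Include", sshd_config_dir ~ "/*.conf", "%s %s", cce_identifiers=cce_identifiers)`. The sibling ol8/ol9 blocks in duplicated_param_directory.pass.sh, param_conflict_directory.fail.sh, param_conflict_file_with_directory.fail.sh and wrong_value_directory.fail.sh were left with literal /etc/ssh paths, so whichever form is chosen should be applied to all of them.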
--- a/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_dir.pass.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -source common.sh - -{{%- if XCCDF_VARIABLE %}} -# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} -{{%- endif %}} - -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /usr/etc/ssh/sshd_config.d/oscap-sshd-config.conf diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_path.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_path.pass.sh deleted file mode 100644 index b5dfae159dac..000000000000 --- a/shared/templates/sshd_lineinfile/tests/correct_value_usr_config_path.pass.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 -source common.sh - -{{%- if XCCDF_VARIABLE %}} -# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} -{{%- endif %}} - -if [ -e "/etc/ssh/sshd_config" ] ; then - rm /etc/ssh/sshd_config -fi - -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /usr/etc/ssh/sshd_config diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param.pass.sh index 8d3d7be24f18..ef67ff9af4da 100644 --- a/shared/templates/sshd_lineinfile/tests/duplicated_param.pass.sh +++ b/shared/templates/sshd_lineinfile/tests/duplicated_param.pass.sh @@ -1,12 +1,9 @@ #!/bin/bash -declare -a SSHD_PATHS=("/etc/ssh/sshd_config" /etc/ssh/sshd_config.d/*) -{{% if product == 'sle16' %}} -SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/*) -{{% endif %}} +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" 
diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh index 82208603091e..9b1f59e26523 100644 --- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh +++ b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh @@ -2,17 +2,14 @@ # platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,SUSE Linux Enterprise 16,multi_platform_fedora,multi_platform_ubuntu -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" {{% if product in ["ol8", "ol9"] %}} {{{ bash_replace_or_append("/etc/ssh/sshd_config", "Include", "/etc/ssh/sshd_config.d/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} {{% endif %}} -declare -a SSHD_PATHS=("/etc/ssh/sshd_config" /etc/ssh/sshd_config.d/*) -{{% if product == 'sle16' %}} -SSHD_PATHS+=("/usr/etc/ssh/sshd_config" /usr/etc/ssh/sshd_config.d/*) -{{% endif %}} +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" @@ -22,5 +19,9 @@ fi # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /etc/ssh/sshd_config.d/first.conf -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /etc/ssh/sshd_config.d/second.conf +{{% if product in ["sle16", "slmicro6"] %}} +touch "{{{ sshd_main_config_file }}}" +{{% endif %}} + +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_config_dir }}}/first.conf" +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_config_dir }}}/second.conf" 
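Review bot: The new `touch "{{{ sshd_main_config_file }}}"` for sle16/slmicro6 comes after the `grep -q ... "${SSHD_PATHS[@]}"`/`sed -i` pair that already lists the main config, so on a system where that file is absent grep reports a missing file before the touch creates it; place the conditional touch block directly after the `mkdir -p`/`touch "{{{ sshd_config_dir }}}/nothing"` lines. The scenario's `platform =` line names SUSE Linux Enterprise 16 but not slmicro6, so the `slmicro6` arm of the new condition appears unreachable here — worth aligning the two lists or dropping the extra product from the condition.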
diff --git a/shared/templates/sshd_lineinfile/tests/line_not_there.fail.sh b/shared/templates/sshd_lineinfile/tests/line_not_there.fail.sh index da6e5e46e494..c227c032448b 100644 --- a/shared/templates/sshd_lineinfile/tests/line_not_there.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/line_not_there.fail.sh @@ -2,12 +2,14 @@ SSHD_PARAM={{{ PARAMETER }}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing - -{{% if product == 'sle16' %}} -touch /etc/ssh/sshd_config -sed -i "/^\s*${SSHD_PARAM}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* /usr/etc/ssh/sshd_config /usr/etc/ssh/sshd_config.d/* -{{% else %}} -sed -i "/^\s*${SSHD_PARAM}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" + +{{% if product in ['sle16', 'slmicro6'] %}} +touch "{{{ sshd_main_config_file }}}" {{% endif %}} + +if grep -q "^\s*${SSHD_PARAM}" "${SSHD_PATHS[@]}" ; then + sed -i "/^\s*${SSHD_PARAM}.*/Id" "${SSHD_PATHS[@]}" +fi diff --git a/shared/templates/sshd_lineinfile/tests/main_config_missing.fail.sh b/shared/templates/sshd_lineinfile/tests/main_config_missing.fail.sh new file mode 100644 index 000000000000..0aec68a9fdb1 --- /dev/null +++ b/shared/templates/sshd_lineinfile/tests/main_config_missing.fail.sh @@ -0,0 +1,12 @@ +#!/bin/bash +# platform = SUSE Linux Enterprise 16 + +{{% if XCCDF_VARIABLE %}} +# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} +{{% endif %}} + +if [ -e "{{{ sshd_main_config_file }}}" ] ; then + rm "{{{ sshd_main_config_file }}}" +fi +# correct value in drop-in, but missing global main config +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_config_dir }}}/other.conf" diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict.fail.sh index 8429f10b82ba..0d80bd5d25f8 100644 
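Review bot: main_config_missing.fail.sh appends to `"{{{ sshd_config_dir }}}/other.conf"` without creating the directory and without `source common.sh`, so on a fresh system the redirection fails and the scenario fails for the wrong reason rather than for the absent main config it is meant to exercise. Add `mkdir -p "{{{ sshd_config_dir }}}"` before the `rm` block. The comment `# correct value in drop-in, but missing global main config` could also name what is being tested, e.g. `# correct value in drop-in, but {{{ sshd_main_config_file }}} is absent: the check must fail on the missing main config`.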
--- a/shared/templates/sshd_lineinfile/tests/param_conflict.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/param_conflict.fail.sh @@ -1,17 +1,18 @@ #!/bin/bash - {{% if XCCDF_VARIABLE %}} # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" + +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") -if grep -q "^\s*{{{ PARAMETER }}}" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then + sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" fi -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /etc/ssh/sshd_config -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" >> /etc/ssh/sshd_config +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_main_config_file }}}" +echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" >> "{{{ sshd_main_config_file }}}" diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh index 265edbc57b95..4c208b74f774 100644 --- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh 
@@ -7,16 +7,18 @@ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" + +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") {{% if product in ["ol8", "ol9"] %}} {{{ bash_replace_or_append("/etc/ssh/sshd_config", "Include", "/etc/ssh/sshd_config.d/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} {{% endif %}} -if grep -q "^\s*{{{ PARAMETER }}}" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}"; then + sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" fi -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" > /etc/ssh/sshd_config.d/good_config.conf -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > /etc/ssh/sshd_config.d/bad_config.conf +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" > "{{{ sshd_config_dir }}}/good_config.conf" +echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > "{{{ sshd_config_dir }}}/bad_config.conf" diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh index f9684e501973..6c8d697beb7f 100644 --- a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh 
@@ -6,16 +6,18 @@ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" + +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") {{% if product in ["ol8", "ol9"] %}} {{{ bash_replace_or_append("/etc/ssh/sshd_config", "Include", "/etc/ssh/sshd_config.d/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} {{% endif %}} -if grep -q "^\s*{{{ PARAMETER }}}" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then + sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" fi -echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> /etc/ssh/sshd_config -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > /etc/ssh/sshd_config.d/bad_config.conf +echo "{{{ PARAMETER }}} {{{ CORRECT_VALUE }}}" >> "{{{ sshd_main_config_file }}}" +echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > "{{{ sshd_config_dir }}}/bad_config.conf" diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value.fail.sh index a03bbbca2354..1e24497f7604 100644 --- a/shared/templates/sshd_lineinfile/tests/wrong_value.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/wrong_value.fail.sh 
@@ -4,11 +4,13 @@ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" -if grep -q "^\s*{{{ PARAMETER }}}" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") + +if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then + sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" fi -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" >> /etc/ssh/sshd_config +echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" >> "{{{ sshd_main_config_file }}}" diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh index 5c94854046f8..27289a29edd6 100644 --- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh +++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh 
@@ -6,15 +6,17 @@ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} {{% endif %}} -mkdir -p /etc/ssh/sshd_config.d -touch /etc/ssh/sshd_config.d/nothing +mkdir -p "{{{ sshd_config_dir }}}" +touch "{{{ sshd_config_dir }}}/nothing" + +declare -a SSHD_PATHS=("{{{ sshd_main_config_file }}}" "{{{ sshd_config_dir }}}/*") {{% if product in ["ol8", "ol9"] %}} {{{ bash_replace_or_append("/etc/ssh/sshd_config", "Include", "/etc/ssh/sshd_config.d/*.conf", "%s %s", cce_identifiers=cce_identifiers) }}} {{% endif %}} -if grep -q "^\s*{{{ PARAMETER }}}" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* +if grep -q "^\s*{{{ PARAMETER }}}" "${SSHD_PATHS[@]}" ; then + sed -i "/^\s*{{{ PARAMETER }}}.*/Id" "${SSHD_PATHS[@]}" fi -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > /etc/ssh/sshd_config.d/bad_config.conf +echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > "{{{ sshd_config_dir }}}/bad_config.conf" diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_dir.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_dir.fail.sh deleted file mode 100644 index a073ad1c0991..000000000000 --- a/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_dir.fail.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -# platform = SUSE Linux Enterprise 16 - -{{% if XCCDF_VARIABLE %}} -# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} -{{% endif %}} - -touch /usr/etc/ssh/sshd_config.d/oscap-sshd-config.conf - -if grep -q "^\s*{{{ PARAMETER }}}" /usr/etc/ssh/sshd_config /usr/etc/ssh/sshd_config.d/* ; then - sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /usr/etc/ssh/sshd_config /usr/etc/ssh/sshd_config.d/* -fi - -echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" > /usr/etc/ssh/sshd_config.d/oscap-sshd-config.conf 
diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_path.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_path.fail.sh
deleted file mode 100644
index 0ff115b7e45e..000000000000
--- a/shared/templates/sshd_lineinfile/tests/wrong_value_usr_config_path.fail.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-# platform = SUSE Linux Enterprise 16
-
-{{% if XCCDF_VARIABLE %}}
-# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
-{{% endif %}}
-
-if [ -e "/etc/ssh/sshd_config" ] ; then
- rm /etc/ssh/sshd_config
-fi
-
-if grep -q "^\s*{{{ PARAMETER }}}" /usr/etc/ssh/sshd_config /usr/etc/ssh/sshd_config.d/* ; then
- sed -i "/^\s*{{{ PARAMETER }}}.*/Id" /usr/etc/ssh/sshd_config /usr/etc/ssh/sshd_config.d/*
-fi
-
-echo "{{{ PARAMETER }}} {{{ WRONG_VALUE }}}" >> /usr/etc/ssh/sshd_config