diff --git a/config.yaml b/config.yaml
index ff34e40..4498163 100644
--- a/config.yaml
+++ b/config.yaml
@@ -3,14 +3,14 @@ actions:
- target: "spec"
find: |
%if 0%{?centos}
- %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
+ %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
replace: |
%if 0%{?centos}
- %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
+ %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON
%endif
%if 0%{?almalinux}
- %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF
+ %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_SCE_ENABLED:BOOL=ON
%endif
count: 1
diff --git a/files/scap-security-guide-add-almalinux10-product.patch b/files/scap-security-guide-add-almalinux10-product.patch
index d099949..4313eae 100644
--- a/files/scap-security-guide-add-almalinux10-product.patch
+++ b/files/scap-security-guide-add-almalinux10-product.patch
@@ -1,9 +1,9 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 699194b97..3f6cf218a 100644
+index a31014247..378b66c5a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -87,7 +87,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
- # project. Note that the example product is always disabled unless explicitly asked for.
+@@ -90,7 +90,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
+ option(SSG_PRODUCT_AL2023 "If enabled, the Amazon Linux 2023 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
-option(SSG_PRODUCT_ALMALINUX9 "If enabled, the AlmaLinux OS 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -11,8 +11,8 @@ index 699194b97..3f6cf218a 100644
option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
-@@ -319,7 +319,7 @@ message(STATUS " ")
- message(STATUS "Products:")
+@@ -328,7 +328,7 @@ message(STATUS "Products:")
+ message(STATUS "Amazon Linux 2023: ${SSG_PRODUCT_AL2023}")
message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}")
message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}")
-message(STATUS "AlmaLinux OS 9: ${SSG_PRODUCT_ALMALINUX9}")
@@ -20,7 +20,7 @@ index 699194b97..3f6cf218a 100644
message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}")
message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}")
message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}")
-@@ -386,8 +386,8 @@ endif()
+@@ -394,8 +394,8 @@ endif()
if(SSG_PRODUCT_ALINUX3)
add_subdirectory("products/alinux3" "alinux3")
endif()
@@ -32,23 +32,34 @@ index 699194b97..3f6cf218a 100644
if(SSG_PRODUCT_ANOLIS8)
add_subdirectory("products/anolis8" "anolis8")
diff --git a/build_product b/build_product
-index 89d967124..44f4efeb2 100755
+index 90b25237e..4e4ffe3d9 100755
--- a/build_product
+++ b/build_product
-@@ -359,7 +359,7 @@ all_cmake_products=(
+@@ -364,7 +364,7 @@ all_cmake_products=(
AL2023
ALINUX2
ALINUX3
- ALMALINUX9
+ ALMALINUX10
- ANOLIS8
ANOLIS23
+ ANOLIS8
CHROMIUM
diff --git a/controls/anssi.yml b/controls/anssi.yml
-index cdcec6573..a74b7c2f6 100644
+index 86b84a044..2d04a7814 100644
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
-@@ -1244,7 +1244,7 @@ controls:
+@@ -806,10 +806,8 @@ controls:
+ ANSSI doesn't specify the length of the inactivity period, we are choosing 10 minutes as reasonable number.
+ status: automated
+ rules:
+- {{% if "rhel" in product or "ol" in families %}}
+ - logind_session_timeout
+ - var_logind_session_timeout=10_minutes
+- {{% endif %}}
+ - accounts_tmout
+ - var_accounts_tmout=10_min
+
+@@ -1246,7 +1244,7 @@ controls:
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_globally_activated
- ensure_gpgcheck_local_packages
@@ -57,6 +68,17 @@ index cdcec6573..a74b7c2f6 100644
- ensure_oracle_gpgkey_installed
- ensure_almalinux_gpgkey_installed
+@@ -1298,10 +1296,6 @@ controls:
+ - package_rsh_removed
+ - package_rsh-server_removed
+ - package_sendmail_removed
+- {{%- if "rhel" not in product %}}
+- - package_talk_removed
+- - package_talk-server_removed
+- {{%- endif %}}
+ - package_telnet_removed
+ - package_telnet-server_removed
+ - package_tftp_removed
diff --git a/controls/cis_almalinux9.yml b/controls/cis_almalinux9.yml
index 4591f52c6..670d0b14f 100644
--- a/controls/cis_almalinux9.yml
@@ -71,10 +93,10 @@ index 4591f52c6..670d0b14f 100644
- id: 1.2.1.2
title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
-index e35482b2d..029f55f58 100644
+index 8a3fd6b86..e1a46a905 100644
--- a/controls/cis_rhel10.yml
+++ b/controls/cis_rhel10.yml
-@@ -315,7 +315,7 @@ controls:
+@@ -303,7 +303,7 @@ controls:
- l1_workstation
status: manual
related_rules:
@@ -84,7 +106,7 @@ index e35482b2d..029f55f58 100644
- id: 1.2.1.2
title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
-index f2a1e6d3a..2657914ff 100644
+index 05152b5b8..fa73354e0 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -353,7 +353,7 @@ controls:
@@ -97,7 +119,7 @@ index f2a1e6d3a..2657914ff 100644
- id: 1.2.2
title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
-index 05a3e4ac3..98cb1a49b 100644
+index 017acb8d4..d97bb7c0b 100644
--- a/controls/cis_rhel9.yml
+++ b/controls/cis_rhel9.yml
@@ -360,7 +360,7 @@ controls:
@@ -110,10 +132,10 @@ index 05a3e4ac3..98cb1a49b 100644
- id: 1.2.1.2
title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/e8.yml b/controls/e8.yml
-index c3dc27737..3d81cacef 100644
+index dac6a8c85..640cd37c0 100644
--- a/controls/e8.yml
+++ b/controls/e8.yml
-@@ -22,7 +22,7 @@ controls:
+@@ -24,7 +24,7 @@ controls:
- service_avahi-daemon_disabled
- package_squid_removed
- service_squid_disabled
@@ -123,7 +145,7 @@ index c3dc27737..3d81cacef 100644
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_globally_activated
diff --git a/controls/hipaa.yml b/controls/hipaa.yml
-index fdd9e8c65..df7a5b272 100644
+index 27895b700..a34683373 100644
--- a/controls/hipaa.yml
+++ b/controls/hipaa.yml
@@ -167,7 +167,7 @@ controls:
@@ -135,7 +157,7 @@ index fdd9e8c65..df7a5b272 100644
- ensure_suse_gpgkey_installed
- ensure_almalinux_gpgkey_installed
status: automated
-@@ -1393,7 +1393,7 @@ controls:
+@@ -1388,7 +1388,7 @@ controls:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_repo_metadata
@@ -144,7 +166,7 @@ index fdd9e8c65..df7a5b272 100644
- ensure_suse_gpgkey_installed
- ensure_almalinux_gpgkey_installed
status: automated
-@@ -1424,7 +1424,7 @@ controls:
+@@ -1419,7 +1419,7 @@ controls:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_repo_metadata
@@ -153,7 +175,7 @@ index fdd9e8c65..df7a5b272 100644
- ensure_suse_gpgkey_installed
- ensure_almalinux_gpgkey_installed
status: automated
-@@ -1444,7 +1444,7 @@ controls:
+@@ -1439,7 +1439,7 @@ controls:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_repo_metadata
@@ -162,7 +184,7 @@ index fdd9e8c65..df7a5b272 100644
- ensure_suse_gpgkey_installed
- ensure_almalinux_gpgkey_installed
status: automated
-@@ -1725,7 +1725,7 @@ controls:
+@@ -1720,7 +1720,7 @@ controls:
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_repo_metadata
@@ -172,7 +194,7 @@ index fdd9e8c65..df7a5b272 100644
- ensure_almalinux_gpgkey_installed
status: automated
diff --git a/controls/ospp.yml b/controls/ospp.yml
-index 20ae9fa45..88a5dff83 100644
+index 505f7b2a7..e67bf76d1 100644
--- a/controls/ospp.yml
+++ b/controls/ospp.yml
@@ -447,7 +447,7 @@ controls:
@@ -194,7 +216,7 @@ index 20ae9fa45..88a5dff83 100644
- id: FPT_TST_EXT.1
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
-index 39f47c3c3..883f23458 100644
+index 1bdd27a73..111e3a773 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -1555,7 +1555,7 @@ controls:
@@ -206,22 +228,8 @@ index 39f47c3c3..883f23458 100644
- ensure_suse_gpgkey_installed
- ensure_almalinux_gpgkey_installed
- ensure_gpgcheck_globally_activated
-diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
-index dbec9fe45..a8ba161c2 100644
---- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
-+++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
-@@ -18,6 +18,9 @@ controls:
- {{% if 'rhel' in product %}}
- - ensure_redhat_gpgkey_installed
- {{% endif %}}
-+ {{% if 'almalinux' in product %}}
-+ - ensure_almalinux_gpgkey_installed
-+ {{% endif %}}
- {{% if 'ol' in product %}}
- - ensure_oracle_gpgkey_installed
- {{% endif %}}
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
-index 32b70f006..37219d207 100644
+index f66299e6f..5448dee70 100644
--- a/controls/stig_rhel9.yml
+++ b/controls/stig_rhel9.yml
@@ -382,7 +382,7 @@ controls:
@@ -278,7 +286,7 @@ index 083a612a0..3228b89b7 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
-index aa5933406..9d159f0e4 100644
+index 536e45f3a..6fc5182e2 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -286,11 +294,11 @@ index aa5933406..9d159f0e4 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
-index 742a8dc93..ebf3e4241 100644
+index e1aedcc12..041b3a99a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -298,11 +306,11 @@ index 742a8dc93..ebf3e4241 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
-index 1b52b43c4..959b8c363 100644
+index 19e56d957..62dc263da 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -310,11 +318,11 @@ index 1b52b43c4..959b8c363 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
-index 6e725d924..003cbad34 100644
+index 03066622a..00b22dffc 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -322,11 +330,11 @@ index 6e725d924..003cbad34 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
-index be053a0e4..9ae68c06d 100644
+index 5997a0f4b..f8b934477 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -334,11 +342,11 @@ index be053a0e4..9ae68c06d 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
-index 32a315ee3..ceaa81c5d 100644
+index 6614a0151..2d8a70c4d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -346,11 +354,11 @@ index 32a315ee3..ceaa81c5d 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
{{{ setup_auditctl_environment() }}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
-index 900ec1c42..66a26d349 100644
+index ca6cb501c..6e94b709f 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -358,11 +366,11 @@ index 900ec1c42..66a26d349 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
-index 6211dfd8a..0cc9223e1 100644
+index 4cf3be21b..634990a72 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -370,11 +378,11 @@ index 6211dfd8a..0cc9223e1 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
-index 1d00bfac9..41961fe47 100644
+index a943dcd2f..5a5c849c4 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
@@ -1,6 +1,6 @@
@@ -382,11 +390,11 @@ index 1d00bfac9..41961fe47 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
-index a68b4e87a..33230eff8 100644
+index a3feca25d..eb3da476b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -394,11 +402,11 @@ index a68b4e87a..33230eff8 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
-index 97d8f88da..d35376777 100644
+index 4cee4cfb3..09d901e81 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -406,11 +414,11 @@ index 97d8f88da..d35376777 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
-index 43168b5cc..d87e6b3e3 100644
+index b15a095da..44c6a0115 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
@@ -1,6 +1,6 @@
@@ -418,7 +426,7 @@ index 43168b5cc..d87e6b3e3 100644
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
- # profiles = xccdf_org.ssgproject.content_profile_cis
+ # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock
path="/var/run/faillock"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
@@ -687,22 +695,22 @@ index 8b2377d44..39c2bba69 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
-index 3028257be..49e27f007 100644
+index 9c5b7d2eb..cae43ea29 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel
-+# platform = multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
-index 15d6fa4e2..7f98c9915 100644
+index d0626b7aa..71cc2ea03 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel
-+# platform = multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
@@ -768,17 +776,6 @@ index 8a58bbc38..1a73014dc 100644
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- # reboot = true
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
-index 140506b60..4290a051f 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
@@ -1388,10 +1385,10 @@ index 96ee57492..09bfe412b 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
-index 718ceaf08..c4f359bab 100644
+index c40951368..a0c8c7f2c 100644
--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
-@@ -139,7 +139,7 @@ severity: medium
+@@ -149,7 +149,7 @@ severity: medium
# on RHEL9+ there are rules which cover particular hardware architectures
# so do not apply this rule but apply the specific one instead
@@ -1484,7 +1481,7 @@ index 166a20b8e..1d95807b6 100644
kdump disable
service disable kdump
diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
-index 617dc8b2a..a85bfda5c 100644
+index 1e53d881f..a73066e7d 100644
--- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
+++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
@@ -1,4 +1,4 @@
@@ -1523,16 +1520,6 @@ index 001ead7d6..1fc220d8a 100644
{{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}}
-diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/bash/rhel10.sh b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/bash/rhel10.sh
-index 83e95ff8e..3125c0280 100644
---- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/bash/rhel10.sh
-+++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/bash/rhel10.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 10
-+# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10
- # reboot = false
- # strategy = disable
- # complexity = low
diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh
index 4963780f8..c3bc5b0de 100644
--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh
@@ -1690,15 +1677,29 @@ index 5a97f74df..104b27f3f 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
-index 621452f61..1139681a5 100644
+index 31c4683c8..b03ae1453 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10
+# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10
# profiles = xccdf_org.ssgproject.content_profile_ospp
mkdir -p /etc/ssh/sshd_config.d
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+index 261bbb8ff..b66ad7305 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+@@ -19,7 +19,7 @@ description: |-
+ Also add or update "pam_sss.so" line in auth section of "/etc/pam.d/smartcard-auth" file to
+ include the "allow_missing_name" option, like in the following example:
+ /etc/pam.d/smartcard-auth:auth sufficient pam_sss.so allow_missing_name
+- {{% elif product in ["rhel10"] %}}.
++ {{% elif product in ["rhel10", "almalinux10"] %}}.
+ Ensure you are using the sssd authselect profile with the with-smartcard feature enabled.
+ {{% endif %}}
+
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
index 20d721658..2a4422daf 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
@@ -1847,26 +1848,6 @@ index d3da2f113..a90d73d4b 100644
+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
-diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
-index 58d38f9a2..4eea80461 100644
---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
-index bfa9ddc92..cd29e3739 100644
---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-
- {{{ bash_instantiate_variables("login_banner_text") }}}
-
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
index c2feb1fbc..116c6cde5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
@@ -1878,87 +1859,47 @@ index c2feb1fbc..116c6cde5 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
-diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
-index 2a975b00b..09ecda363 100644
---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
-index 632aa10fd..b2ce651cd 100644
---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-
- {{{ bash_instantiate_variables("motd_banner_text") }}}
-
-diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
-index 5814a30bd..aa4aa4c5c 100644
---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
-index 86aff54f9..b295782b0 100644
---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
-index 1b2e46eff..6c22561e3 100644
+index 6a271415e..db0169ab1 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ncp
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
-index a3e7ebc0e..c65609786 100644
+index 814770179..c8048d4c7 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
-index 4af47e3e0..0fe73b672 100644
+index 39efbc8ba..fd836684b 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
-index e1abf408e..ea28b1697 100644
+index 7c4c9bb29..477057df2 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
@@ -2046,6 +1987,17 @@ index 7a6fcb555..8dbcb0b0e 100644
pam_files=("password-auth" "system-auth")
+diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh
+index e82ecb7f5..7386d3217 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+
+ # Package libpwquality cannot be uninstalled normally
+ # as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
index c61f9b6d5..e7cccaed5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
@@ -2304,17 +2256,6 @@ index 19345cfcf..374e76ec6 100644
rm -f /etc/systemd/system/emergency.service
mkdir -p /etc/systemd/system/emergency.service.d/
cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
-index d9fdc678f..a4f6ea6a9 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- service_file="/usr/lib/systemd/system/emergency.service"
- sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
index da0d857f6..a7d75247c 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
@@ -2359,17 +2300,6 @@ index 4557b0512..043753f03 100644
rm -rf /etc/systemd/system/rescue.service.d
mkdir -p /etc/systemd/system/rescue.service.d
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
-index 63b9b08b5..15abe6cec 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- service_file="/usr/lib/systemd/system/rescue.service"
- sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
index 75395cf61..1dcee69f3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
@@ -2466,16 +2396,6 @@ index 6b2d6cd5e..c20712c9f 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
-index 1a9d35f69..9a5753d98 100644
---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
index 08b89bf8f..cea27ab4d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
@@ -2487,129 +2407,16 @@ index 08b89bf8f..cea27ab4d 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
-index c2afecc19..652fbedb7 100644
+index 8d59d36d3..526165afe 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
- # packages = openssl-pkcs11
+ # packages = openssl-pkcs11,libpam-pkcs11
if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
-diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
-index d7103cc0a..68c252f78 100644
---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
- # packages = openssl-pkcs11
-
- if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
-diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
-index c0cc3c94f..6db041b04 100644
---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
- # packages = openssl-pkcs11
-
- if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
-index 84f13bfea..709b9e923 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
-index 77aa71dd9..b3bfff528 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
-
- {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}}
-
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
-index aa147fdce..bb8288f5b 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
-@@ -1,5 +1,5 @@
- #! /bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # variables = var_accounts_authorized_local_users_regex=^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$
-
- var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$"
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
-index c4c2f7ba0..e03ccee7a 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
-index 6e22e90d7..bfd7508ad 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
-index b04d7cdb8..0d5a5831e 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
-index dcc5de3f1..268aafbab 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
-
- {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}}
- {{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}}
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
-index 18974ea6c..d72de8a97 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ol
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
-index 7d6bc11f9..0a8561b81 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
- # reboot = false
- # strategy = restrict
- # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml
index ebcb5ac04..674369a42 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml
@@ -2630,87 +2437,6 @@ index 7bdb759f6..dd157f1e3 100644
# reboot = false
# strategy = restrict
# complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
-index 8df20d253..ad8320347 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
-index 82110016d..2a73ed386 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
-index 7374c21e8..0a9f303d4 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
-
- {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
-
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
-index c0b520bdf..70ab14cba 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
-index 8316e495a..bf8a4c240 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-
- {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
-
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
-index 117a42585..b41d01a89 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
-index 9c097499f..2c80371bc 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
-index ad3133b1f..eac1b843a 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
- apiVersion: machineconfiguration.openshift.io/v1
- kind: MachineConfig
- spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
index ba82e5ddb..ddbac0bcf 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
@@ -2753,46 +2479,6 @@ index 8f87bf06e..6bed5ef5a 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
-index 5f9c92aac..119219eb0 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
-index 429a8dcd1..8cafea67b 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
-index e7f5c730c..8f06c6cfa 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
-index bd1ba1ccb..d139fdda4 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-
- # uncomment the option if commented
- sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
index 9bbbb9585..766df9993 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
@@ -2833,36 +2519,19 @@ index da628bc5e..90f23cb90 100644
# reboot = false
# strategy = restrict
# complexity = low
-diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
-index 8fa32223f..89e411a7f 100644
---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
-+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
+index 7ea0f9bcf..c975769f8 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+
+ # remediation = none
+-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,multi_platform_ubuntu,multi_platform_sle
++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu,multi_platform_sle
+
+ . $SHARED/grub2.sh
- if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
- mkdir -p /etc/rsyslog.d
-diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
-index 4e321fecb..2818c4ca1 100644
---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
-+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
-index 3933f28b4..d71a075f1 100644
---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
-+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # reboot = false
- # strategy = configure
- # complexity = low
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
index 892523fc4..9fbba1ccb 100644
--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
@@ -2896,46 +2565,6 @@ index 82b0d0651..e1c9ecdd5 100644
-diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
-index f42709ef5..8b35da68b 100644
---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
-+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
-index f2019bb9a..a12ceb5c1 100644
---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
-+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
-
- {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}}
-
-diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
-index d6e2b2564..323d3ffaa 100644
---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
-+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
-index ee1cbf7ea..eb4e5adc4 100644
---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
-+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
index 94cb0e893..d13183224 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
@@ -2959,45 +2588,38 @@ index b2a8e350c..e97d0f4a5 100644
result=$XCCDF_RESULT_PASS
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh
-index 784d5722b..26c869e22 100644
+index cfb1cd690..a89ef4dcc 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh
+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- #!/bin/bash
mkdir -p "/etc"
+ filepath="/etc/os-release"
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh
-index 3b1d0fafd..1fa04dced 100644
+index 52c2500cb..702369f66 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh
+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- #!/bin/bash
mkdir -p "/etc"
+ filepath="/etc/os-release"
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh
-index d6394d7b1..8ed3c31ff 100644
+index 207bfac32..f5e12fe63 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh
+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- #!/bin/bash
mkdir -p "/etc"
-diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
-index d787fbbbf..d209806d8 100644
---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
-+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
-
- # enable randomness in ipv6 address generation
- for interface in /etc/sysconfig/network-scripts/ifcfg-*
+ filepath="/etc/os-release"
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
index 87306fedb..88e2884bc 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
@@ -3064,16 +2686,6 @@ index e2951d845..0335df123 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
-index 2bd1bdbca..63ab3fe59 100644
---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
-+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
-
- # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
- # services for NFSv4 from attempting to start IPv6 network listeners
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
index 6bb6de134..1f0664a02 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
@@ -3118,28 +2730,6 @@ index c64da37a3..08535e5a1 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
-index 583b70a3b..d9bca3de6 100644
---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
-+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- # Clean sysctl config directories
- rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
-diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
-index ef545976d..bf1ccb250 100644
---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
-+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- # Clean sysctl config directories
- rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
index 8b075d55e..0dd17a34b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
@@ -3272,241 +2862,23 @@ index 89d344c4f..1a926adaa 100644
# check-import = stdout
tbl_output=$(nft list tables | grep inet)
-diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
-index 57cc29270..4b1b2805e 100644
---- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
-+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_rhel,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
-
- rm -f /etc/modprobe.d/dccp-blacklist.conf
- echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
-diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
-index 0f2d15979..27572472b 100644
---- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
-+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
-@@ -1,3 +1,3 @@
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- source common.sh
-diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
-index 469db24e9..671a4d019 100644
---- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
-+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- source common.sh
-
-diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
-index 045befe2b..71c3e933a 100644
---- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
-+++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 10,multi_platform_ol,multi_platform_rhv,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ol,multi_platform_rhv,multi_platform_fedora
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
-index 33caa81c9..df5b4eacb 100644
---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
-+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
-index e488cceeb..f36b06f69 100644
---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
-+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
- df --local -P | awk '{if (NR!=1) print $6}' \
- | xargs -I '$6' find '$6' -xdev -type d \
- \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
-index d2b47d989..9f25146b9 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- DIRS="/lib /lib64 /usr/lib /usr/lib64"
- for dirPath in $DIRS; do
- find "$dirPath" -type d -exec chown root '{}' \;
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
-index 542184ae8..9cdfbf737 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- groupadd nogroup
- DIRS="/lib /lib64"
- for dirPath in $DIRS; do
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
-index 5f8dcd2eb..7980d87b5 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- DIRS="/lib /lib64 /usr/lib /usr/lib64"
- for dirPath in $DIRS; do
- find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
-index c3cd0944b..3c41df40c 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- DIRS="/lib /lib64 /usr/lib /usr/lib64"
- for dirPath in $DIRS; do
- chmod -R 755 "$dirPath"
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
-index 90ae74be6..243a8e16e 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- DIRS="/lib /lib64"
- for dirPath in $DIRS; do
- mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
-index ebaf9b766..858020d51 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- DIRS="/usr/lib /usr/lib64"
- for dirPath in $DIRS; do
- mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
-index 8e9fc7b8b..7ce862d34 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = medium
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
-index 126824999..853c50bb1 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
-
- for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
- do
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
-index bfa87de9e..8e2e64479 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = medium
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
-index c01f262cb..2f899a4ae 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
- find /bin/ \
- /usr/bin/ \
- /usr/local/bin/ \
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
-index 9c3fa6fe9..78ab97152 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
-
- for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
- do
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
-index 02867684c..8b274eded 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
-
- useradd user_test
- for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
-index 81d8a339e..70345d4e7 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
-
- useradd user_test
-
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
-index 3382568ce..b4f4bd0a0 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
-
- useradd user_test
-
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
-index ab6d35c79..f37c06f86 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = medium
-diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
-index 6eef84def..984fb7f55 100644
---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
-+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
- DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
- for dirPath in $DIRS; do
- find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
-index 5356d3742..a85c88001 100644
+index af967f535..4847d0c3c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
-index 7352b60aa..fc84e065c 100644
+index 1fd8fe347..5dc9e9538 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
@@ -3566,16 +2938,6 @@ index d94802273..554e34e00 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
-index c57a01958..f75667220 100644
---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
-+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
- SECURITY_LIMITS_FILE="/etc/security/limits.conf"
-
- if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
index 41cbd1197..481afa583 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
@@ -3598,28 +2960,6 @@ index 415b0486d..02b1e991a 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
-index 70189666c..22f9e966b 100644
---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
-+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- # Clean sysctl config directories
- rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
-diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
-index 209395fa9..23cce30a8 100644
---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
-+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- # Clean sysctl config directories
- rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
index 7a4c107b2..22e209120 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
@@ -3631,28 +2971,6 @@ index 7a4c107b2..22e209120 100644
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
-diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
-index 6d87da5f2..021acd31f 100755
---- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
-+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # remediation = none
-
- cp /proc/cpuinfo /tmp/cpuinfo
-diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
-index 3260539b3..29d22d491 100755
---- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
-+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # remediation = none
-
- cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
index 88c683445..fa9b2020d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
@@ -3665,7 +2983,7 @@ index 88c683445..fa9b2020d 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
-index b555eca8f..8abc90cd5 100644
+index a94218c1b..95b2046e0 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -12,7 +12,7 @@ rationale: |-
@@ -3799,7 +3117,7 @@ index fdd4fb83e..3274d5b36 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
-index 2520d3dcc..ed0bc9538 100644
+index 9558acad7..52cc0a789 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
@@ -1,5 +1,5 @@
@@ -3809,315 +3127,19 @@ index 2520d3dcc..ed0bc9538 100644
# Package libselinux cannot be uninstalled normally
# as it would cause removal of sudo package which is
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
-index c3baa1b80..be83f158f 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
-index 917fc7dc4..bc1d7c63c 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
-index f5d68f1c3..91f02c0d4 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
-index 45e6c24aa..e06d9600f 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
-index 6b19c8138..1f656f5a8 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
-index ef2933c52..0d72f6f65 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
-index 0ca67c74a..332a5018a 100644
---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
-index 60417ff4e..0af05e798 100644
---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
-index ac168ef9f..69ecfa6a7 100644
---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
-index 51e4063c3..3591b7266 100644
---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
-index 33460b61c..04074e66b 100644
---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
-index 4e389aa5c..254db9bfe 100644
---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
-index c3922e5b0..40515598a 100644
---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
-index 09eed8367..601191b49 100644
---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
-index bf1efbe61..efa5b96a6 100644
---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
-index f7c7b4379..95781d5ab 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
-index d3f144c89..ae170b802 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
-index 5b08acff4..d1af90b16 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
-index 9d034e519..2c45806b4 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
-index d04e6893f..5b9cba007 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
-index 34ff91ab3..875abf68d 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
-index 4dbe2b3c8..7313b6bcd 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
-index 606e00c5f..792db4ca4 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
-index ed7d98843..a41cb7151 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
-index c379700ad..6d91cec21 100644
---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
-index 9830ea565..c0913adb5 100644
---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
-index fa4f578ef..f0d0708d1 100644
---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
-+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
- # reboot = false
- # strategy = unknown
- # complexity = low
-diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
-index c7617bc43..7de8de33c 100644
---- a/linux_os/guide/system/software/gnome/group.yml
-+++ b/linux_os/guide/system/software/gnome/group.yml
-@@ -12,7 +12,7 @@ description: |-
- {{% if 'ol' in product %}}
- Oracle Linux Graphical environment.
- {{% else %}}
-- Red Hat Graphical environment.
-+ AlmaLinux Graphical environment.
- {{% endif %}}
- {{{ weblink(link="https://www.gnome.org") }}} .
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
-index e0b7e6db5..cecdda738 100644
+index 24223598f..5503047c7 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
-@@ -4,6 +4,7 @@
+@@ -4,7 +4,7 @@
The operating system installed on the system is supported by a vendor that provides security patches.
") }}}
+- /etc/aide.conf </etc/aide.conf </etc/aide.conf <> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
-index 39ec72b52..a2849d3b4 100644
---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
-+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # variables = var_sudo_umask=0027
-
- echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
-index 0e5aed5d0..c75edccd5 100644
---- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
- # remediation = none
-
- # Make sure sudo is owned by root group
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
-index 4cf3ce661..296d0b930 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
-index ee448e531..13b381ede 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- touch /etc/sudoers.d/empty
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
-index ef3750b2f..ccef4017d 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
-index ebbcef34d..0e3a3d43a 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
-index 3794bb647..e8d9bbaa6 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
-@@ -1,4 +1,4 @@
--# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_slmicro
-+# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
-index 81b218e1a..b8114e674 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
-index 60354bba5..aebe5505f 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- echo 'Defaults !targetpw' >> /etc/sudoers
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
-index c8e38ccd0..7955c2d54 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- touch /etc/sudoers.d/empty
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
-index 4454ed38e..97a9346e2 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- touch /etc/sudoers.d/empty
-diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
-index 1de6b3bbb..06eadc9e9 100644
---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
-+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
- # packages = sudo
-
- touch /etc/sudoers.d/empty
-diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/bash/rhel10.sh b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/bash/rhel10.sh
-index 274b457c8..136a8d91a 100644
---- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/bash/rhel10.sh
-+++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/bash/rhel10.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 10
-+# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10
- # reboot = false
- # strategy = disable
- # complexity = low
-diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
-index e25b2e615..5ef42594e 100644
---- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
-+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
-index 742c2e452..c7fdd0009 100644
---- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
-+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-
- {{% if 'sle' in product or 'slmicro' in product %}}
- {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}}
-diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
-index 4cba82b3c..1d8495018 100644
---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
-+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- file={{{ pkg_manager_config_file }}}
-
-diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
-index 3b3bd71f7..d54501d5c 100644
---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
-+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- file={{{ pkg_manager_config_file }}}
-
-diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
-index 8f2e4fac8..20d00061a 100644
---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
-+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
-
- file={{{ pkg_manager_config_file }}}
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # Package libselinux cannot be uninstalled normally
+ # as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
-index d74db7b2b..b44ee67b3 100644
+index e43ee7994..8b41b5d93 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -4690,7 +3263,7 @@ index d74db7b2b..b44ee67b3 100644
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
-index ba0c54f3f..1890b7708 100644
+index 1c68a6ec3..fa8f50b84 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -4699,6 +3272,26 @@ index ba0c54f3f..1890b7708 100644
# reboot = false
# strategy = unknown
# complexity = low
+diff --git a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
+index af72a7d18..8f5a02c51 100644
+--- a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh
+index eb390cd1f..ac318fa9a 100644
+--- a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+
+ function replace_all_gpgcheck {
+ sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
index add0cd7dd..1cf05952d 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
@@ -4738,7 +3331,7 @@ index f78a6fb82..10b7819c4 100644
RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
-index e1c9c1653..24999c3b1 100644
+index e9c73de58..c60a1b027 100644
--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
@@ -8,7 +8,7 @@ description: |-
@@ -4750,7 +3343,7 @@ index e1c9c1653..24999c3b1 100644
rationale: |-
Changes to software components can have significant effects on the overall
-@@ -42,8 +42,8 @@ ocil: |-
+@@ -41,8 +41,8 @@ ocil: |-
To ensure that the GPG key is installed, run:
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
The command should return the string below:
@@ -4773,86 +3366,6 @@ index 87b82cb01..ba588f308 100644
-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
-index 4366d9faa..4a3043290 100644
---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
-+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
-@@ -1,3 +1,3 @@
--# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-
- {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
-index 9fbd9fff2..71782514c 100644
---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
-+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- # reboot = false
- # strategy = enable
- # complexity = low
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
-index fb6361d3c..e27d8c9d5 100644
---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
-+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
- {{% if product in ["sle12", "sle15", "slmicro5"] %}}
- sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
- {{% else %}}
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
-index 90ee6e0e0..4e2095f9c 100644
---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
-+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-
- {{%- if product in ["sle12", "sle15", "slmicro5"] %}}
- sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/zypp/repos.d/*
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
-index e6dfa5ba5..f90e114cd 100644
---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
-+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
-
- {{%- if product in ["sle12", "sle15", "slmicro5"] %}}
- sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
-diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
-index e77380808..4645b3a7d 100644
---- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
-+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
-@@ -16,6 +16,11 @@ description: |-
- $ sudo yum update
- If the system is not configured to use one of these sources, updates (in the form of RPM packages)
- can be manually downloaded from the ULN and installed using rpm .
-+{{% elif product in ["almalinux10"] %}}
-+ Run the following command to install updates:
-+ $ sudo yum update
-+ If the system is not configured to use repos, updates (in the form of RPM packages)
-+ can be manually downloaded from the repos and installed using rpm .
- {{% elif product in ["sle12", "sle15", "slmicro5"] %}}
- If the system is configured for online updates, invoking the following command will list available
- security updates:
-diff --git a/product_properties/10-grub.yml b/product_properties/10-grub.yml
-index 436c6b492..3d4927544 100644
---- a/product_properties/10-grub.yml
-+++ b/product_properties/10-grub.yml
-@@ -6,7 +6,7 @@ default:
-
- overrides:
- {{% if "rhel-like" in families and major_version_ordinal <= 8 %}}
-- grub2_uefi_boot_path: "/boot/efi/EFI/redhat"
-+ grub2_uefi_boot_path: "/boot/efi/EFI/almalinux"
- {{% endif %}}
- {{% if "suse" in families %}}
- grub_helper_executable: "grub2-mkconfig"
diff --git a/products/almalinux10/CMakeLists.txt b/products/almalinux10/CMakeLists.txt
new file mode 100644
index 000000000..1284434a2
@@ -5066,10 +3579,10 @@ index 000000000..6e0a0ab8c
+
diff --git a/products/almalinux10/product.yml b/products/almalinux10/product.yml
new file mode 100644
-index 000000000..4e5104f67
+index 000000000..a428a42ec
--- /dev/null
+++ b/products/almalinux10/product.yml
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,54 @@
+product: almalinux10
+full_name: AlmaLinux OS 10
+type: platform
@@ -5122,12 +3635,14 @@ index 000000000..4e5104f67
+
+
+journald_conf_dir_path: /etc/systemd/journald.conf.d
++audit_watches_style: modern
++rsyslog_cafile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
diff --git a/products/almalinux10/profiles/anssi_bp28_enhanced.profile b/products/almalinux10/profiles/anssi_bp28_enhanced.profile
new file mode 100644
-index 000000000..c77fab679
+index 000000000..1a013f1de
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_enhanced.profile
-@@ -0,0 +1,80 @@
+@@ -0,0 +1,87 @@
+documentation_complete: true
+
+metadata:
@@ -5152,7 +3667,9 @@ index 000000000..c77fab679
+
+selections:
+ - anssi:all:enhanced
++ - var_password_hashing_algorithm_pam=yescrypt
+ # Following rules are incompatible with rhel10 product
++ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
@@ -5184,6 +3701,8 @@ index 000000000..c77fab679
+ - '!file_groupowner_efi_user_cfg'
+ - '!file_owner_efi_user_cfg'
+ - '!file_permissions_efi_user_cfg'
++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5.
++ - '!grub2_uefi_password'
+ # disable R45: Enable AppArmor security profiles
+ - '!apparmor_configured'
+ - '!all_apparmor_profiles_enforced'
@@ -5200,6 +3719,9 @@ index 000000000..c77fab679
+ - '!package_xinetd_removed'
+ - '!package_ypbind_removed'
+ - '!package_ypserv_removed'
++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (R73)
++ - '!audit_rules_mac_modification'
++ - audit_rules_mac_modification_etc_selinux
+ # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed
+ - '!accounts_password_pam_retry'
+ # These rules are being modified and they are causing trouble in their current state (R67)
@@ -5210,10 +3732,10 @@ index 000000000..c77fab679
+ - '!prefer_64bit_os'
diff --git a/products/almalinux10/profiles/anssi_bp28_high.profile b/products/almalinux10/profiles/anssi_bp28_high.profile
new file mode 100644
-index 000000000..a261f345b
+index 000000000..d769a2284
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_high.profile
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,99 @@
+documentation_complete: true
+
+metadata:
@@ -5238,9 +3760,11 @@ index 000000000..a261f345b
+
+selections:
+ - anssi:all:high
++ - var_password_hashing_algorithm_pam=yescrypt
+ # the following rule renders UEFI systems unbootable
+ - '!sebool_secure_mode_insmod'
+ # Following rules are incompatible with rhel10 product
++ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
@@ -5274,6 +3798,8 @@ index 000000000..a261f345b
+ - '!file_groupowner_efi_user_cfg'
+ - '!file_owner_efi_user_cfg'
+ - '!file_permissions_efi_user_cfg'
++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5.
++ - '!grub2_uefi_password'
+ # disable R45: Enable AppArmor security profiles
+ - '!apparmor_configured'
+ - '!all_apparmor_profiles_enforced'
@@ -5290,6 +3816,9 @@ index 000000000..a261f345b
+ - '!package_xinetd_removed'
+ - '!package_ypbind_removed'
+ - '!package_ypserv_removed'
++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (R73)
++ - '!audit_rules_mac_modification'
++ - audit_rules_mac_modification_etc_selinux
+ # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed
+ - '!accounts_password_pam_retry'
+ # These rules are being modified and they are causing trouble in their current state (R67)
@@ -5308,10 +3837,10 @@ index 000000000..a261f345b
+ - '!kernel_config_security_writable_hooks'
diff --git a/products/almalinux10/profiles/anssi_bp28_intermediary.profile b/products/almalinux10/profiles/anssi_bp28_intermediary.profile
new file mode 100644
-index 000000000..e4c0731ba
+index 000000000..11a10d1e0
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_intermediary.profile
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,62 @@
+documentation_complete: true
+
+metadata:
@@ -5336,7 +3865,9 @@ index 000000000..e4c0731ba
+
+selections:
+ - anssi:all:intermediary
++ - var_password_hashing_algorithm_pam=yescrypt
+ # Following rules are incompatible with rhel10 product
++ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
@@ -5370,12 +3901,14 @@ index 000000000..e4c0731ba
+ - '!sssd_enable_pam_services'
+ - '!sssd_ldap_configure_tls_reqcert'
+ - '!sssd_ldap_start_tls'
++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5.
++ - '!grub2_uefi_password'
diff --git a/products/almalinux10/profiles/anssi_bp28_minimal.profile b/products/almalinux10/profiles/anssi_bp28_minimal.profile
new file mode 100644
-index 000000000..0a185e8de
+index 000000000..5833a0cce
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_minimal.profile
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,54 @@
+documentation_complete: true
+
+metadata:
@@ -5400,7 +3933,9 @@ index 000000000..0a185e8de
+
+selections:
+ - anssi:all:minimal
++ - var_password_hashing_algorithm_pam=yescrypt
+ # Following rules are incompatible with rhel10 product
++ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
@@ -5520,12 +4055,51 @@ index 000000000..7d905f749
+
+selections:
+ - cis_rhel10:all:l2_workstation
+diff --git a/products/almalinux10/profiles/default.profile b/products/almalinux10/profiles/default.profile
+new file mode 100644
+index 000000000..1616e1bbe
+--- /dev/null
++++ b/products/almalinux10/profiles/default.profile
+@@ -0,0 +1,33 @@
++documentation_complete: true
++
++hidden: true
++
++title: Default Profile for AlmaLinux OS 10
++
++description: |-
++ This profile contains all the rules that once belonged to the rhel10
++ product. This profile won't be rendered into an XCCDF Profile entity,
++ nor it will select any of these rules by default. The only purpose of
++ this profile is to keep a rule in the product's XCCDF Benchmark.
++
++selections:
++ - grub2_nousb_argument
++ - audit_rules_kernel_module_loading_create
++ - grub2_uefi_admin_username
++ - grub2_uefi_password
++ - no_tmux_in_shells
++ - package_tmux_installed
++ - configure_tmux_lock_after_time
++ - configure_tmux_lock_command
++ - configure_tmux_lock_keybinding
++ - audit_rules_session_events
++ - enable_authselect
++ - audit_rules_login_events
++ - audit_rules_unsuccessful_file_modification
++ - configure_openssl_tls_crypto_policy
++ - audit_rules_privileged_commands_pt_chown
++ - package_iprutils_removed
++ - service_rlogin_disabled
++ - service_rsh_disabled
++ - service_rexec_disabled
++ - package_scap-security-guide_installed
diff --git a/products/almalinux10/profiles/e8.profile b/products/almalinux10/profiles/e8.profile
new file mode 100644
-index 000000000..f105bb27a
+index 000000000..e70330c0d
--- /dev/null
+++ b/products/almalinux10/profiles/e8.profile
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,39 @@
+documentation_complete: true
+
+metadata:
@@ -5550,6 +4124,7 @@ index 000000000..f105bb27a
+
+selections:
+ - e8:all
++ - '!enable_authselect'
+ # nosha1 crypto policy does not exist in RHEL 10
+ - var_system_crypto_policy=default_policy
+ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions.
@@ -5564,14 +4139,12 @@ index 000000000..f105bb27a
+ - '!package_rsh_removed'
+ - '!package_rsh-server_removed'
+ - '!security_patches_up_to_date'
-+ # this rule fails after being remediated through Ansible
-+ - '!audit_rules_usergroup_modification'
diff --git a/products/almalinux10/profiles/hipaa.profile b/products/almalinux10/profiles/hipaa.profile
new file mode 100644
-index 000000000..7eb6475a9
+index 000000000..ee39fc73f
--- /dev/null
+++ b/products/almalinux10/profiles/hipaa.profile
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,68 @@
+documentation_complete: true
+
+metadata:
@@ -5598,17 +4171,24 @@ index 000000000..7eb6475a9
+
+selections:
+ - hipaa:all
++
++ # RHEL 10 uses a different rule for auditing changes to selinux configuration
++ # HIPAA 164.308(a)(1)(ii)(D), 164.308(a)(3)(ii)(A), 164.308(a)(5)(ii)(C), 164.312(a)(2)(i), 164.312(b), 164.312(d) and 164.312(e)
++ - '!audit_rules_mac_modification'
++ - audit_rules_mac_modification_etc_selinux
++
+ - '!coreos_disable_interactive_boot'
+ - '!coreos_audit_option'
+ - '!coreos_nousb_kernel_argument'
+ - '!coreos_enable_selinux_kernel_argument'
+ - '!dconf_gnome_remote_access_credential_prompt'
+ - '!dconf_gnome_remote_access_encryption'
++ - '!enable_authselect'
+ - '!ensure_suse_gpgkey_installed'
+ - '!ensure_fedora_gpgkey_installed'
+ - ensure_almalinux_gpgkey_installed
+ - '!grub2_uefi_admin_username'
-+ - '!grub2_uefi_pass'
++ - '!grub2_uefi_password'
+ - '!service_ypbind_disabled'
+ - '!service_zebra_disabled'
+ - '!package_talk-server_removed'
@@ -5630,12 +4210,15 @@ index 000000000..7eb6475a9
+ - '!sshd_allow_only_protocol2'
+ - '!sshd_disable_kerb_auth'
+ - '!sshd_disable_gssapi_auth'
++ - '!service_rlogin_disabled'
++ - '!service_rsh_disabled'
++ - '!service_rexec_disabled'
diff --git a/products/almalinux10/profiles/ism_o.profile b/products/almalinux10/profiles/ism_o.profile
new file mode 100644
-index 000000000..08ce8dca1
+index 000000000..9021df832
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o.profile
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,50 @@
+documentation_complete: true
+
+metadata:
@@ -5667,6 +4250,7 @@ index 000000000..08ce8dca1
+selections:
+ - ism_o:all:base
+ # these rules do not work properly on RHEL 10 for now
++ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
+ - '!firewalld_sshd_port_enabled'
+ - '!require_singleuser_auth'
@@ -5687,10 +4271,10 @@ index 000000000..08ce8dca1
+ - '!service_chronyd_or_ntpd_enabled'
diff --git a/products/almalinux10/profiles/ism_o_secret.profile b/products/almalinux10/profiles/ism_o_secret.profile
new file mode 100644
-index 000000000..7e6c51815
+index 000000000..a1ea6e884
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o_secret.profile
-@@ -0,0 +1,51 @@
+@@ -0,0 +1,52 @@
+documentation_complete: true
+
+metadata:
@@ -5724,6 +4308,7 @@ index 000000000..7e6c51815
+selections:
+ - ism_o:all:secret
+ # these rules do not work properly on RHEL 10 for now
++ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
+ - '!firewalld_sshd_port_enabled'
+ - '!require_singleuser_auth'
@@ -5744,10 +4329,10 @@ index 000000000..7e6c51815
+ - '!service_chronyd_or_ntpd_enabled'
diff --git a/products/almalinux10/profiles/ism_o_top_secret.profile b/products/almalinux10/profiles/ism_o_top_secret.profile
new file mode 100644
-index 000000000..b53f3754b
+index 000000000..8c77e37d9
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o_top_secret.profile
-@@ -0,0 +1,49 @@
+@@ -0,0 +1,50 @@
+documentation_complete: true
+
+metadata:
@@ -5779,6 +4364,7 @@ index 000000000..b53f3754b
+selections:
+ - ism_o:all:top_secret
+ # these rules do not work properly on RHEL 10 for now
++ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
+ - '!firewalld_sshd_port_enabled'
+ - '!require_singleuser_auth'
@@ -5799,10 +4385,10 @@ index 000000000..b53f3754b
+ - '!service_chronyd_or_ntpd_enabled'
diff --git a/products/almalinux10/profiles/ospp.profile b/products/almalinux10/profiles/ospp.profile
new file mode 100644
-index 000000000..bf8780803
+index 000000000..fce0fd011
--- /dev/null
+++ b/products/almalinux10/profiles/ospp.profile
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,29 @@
+documentation_complete: true
+hidden: true
+
@@ -5828,14 +4414,16 @@ index 000000000..bf8780803
+ - ospp:all
+ - '!package_screen_installed'
+ - '!package_dnf-plugin-subscription-manager_installed'
++ - '!package_scap-security-guide_installed'
+ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
+ - '!enable_dracut_fips_module'
++ - '!enable_authselect'
diff --git a/products/almalinux10/profiles/pci-dss.profile b/products/almalinux10/profiles/pci-dss.profile
new file mode 100644
-index 000000000..dd42b3807
+index 000000000..b7a8eba3e
--- /dev/null
+++ b/products/almalinux10/profiles/pci-dss.profile
-@@ -0,0 +1,78 @@
+@@ -0,0 +1,85 @@
+documentation_complete: true
+
+metadata:
@@ -5865,11 +4453,16 @@ index 000000000..dd42b3807
+ - var_password_hashing_algorithm=yescrypt
+ - var_password_hashing_algorithm_pam=yescrypt
+
++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (PCI-DSSv4 - 10.3.4)
++ - '!audit_rules_mac_modification'
++ - audit_rules_mac_modification_etc_selinux
++
+ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions.
+ # https://github.com/ComplianceAsCode/content/issues/11285
+ - '!rpm_verify_permissions'
+
+ # these rules do not apply to RHEL 10
++ - '!enable_authselect'
+ - '!package_audit-audispd-plugins_installed'
+ - '!package_dhcp_removed'
+ - '!package_ypserv_removed'
@@ -5903,6 +4496,8 @@ index 000000000..dd42b3807
+ - '!set_ip6tables_default_rule'
+ - '!set_loopback_traffic'
+ - '!set_password_hashing_algorithm_commonauth'
++ # Following rule are excluded since, "so far" no CCEs were defined for them and maybe irrelevant for rhel10
++ - '!enable_dconf_user_profile'
+
+ # Following are incompatible with the rhel10 product (based on RHEL9)
+ - '!service_chronyd_or_ntpd_enabled'
@@ -5916,10 +4511,10 @@ index 000000000..dd42b3807
+ - '!kernel_module_dccp_disabled'
diff --git a/products/almalinux10/profiles/stig.profile b/products/almalinux10/profiles/stig.profile
new file mode 100644
-index 000000000..aeb4b4ee8
+index 000000000..68cfac18e
--- /dev/null
+++ b/products/almalinux10/profiles/stig.profile
-@@ -0,0 +1,24 @@
+@@ -0,0 +1,25 @@
+documentation_complete: true
+
+metadata:
@@ -5942,14 +4537,15 @@ index 000000000..aeb4b4ee8
+
+selections:
+ - srg_gpos:all
++ - '!enable_authselect'
+ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
+ - '!enable_dracut_fips_module'
diff --git a/products/almalinux10/profiles/stig_gui.profile b/products/almalinux10/profiles/stig_gui.profile
new file mode 100644
-index 000000000..bdc831d06
+index 000000000..a7d4a1877
--- /dev/null
+++ b/products/almalinux10/profiles/stig_gui.profile
-@@ -0,0 +1,39 @@
+@@ -0,0 +1,40 @@
+documentation_complete: true
+
+metadata:
@@ -5979,6 +4575,7 @@ index 000000000..bdc831d06
+
+ - '!package_nfs-utils_removed'
+
++ - '!enable_authselect'
+ # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese
+ # https://issues.redhat.com/browse/RHEL-10416
+ - '!sysctl_user_max_user_namespaces'
@@ -6104,7 +4701,7 @@ index 000000000..34f942d90
+
+
diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
-index f803e8ff0..0d908f044 100644
+index 42b866d3b..8560a7220 100644
--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
@@ -16,6 +16,7 @@
@@ -6199,109 +4796,10 @@ index e83699662..1efabcf62 100644
set superusers="[someuniquestringhere]"
export superusers
-diff --git a/shared/references/disa-stig-ol8-v2r2-xccdf-scap.xml b/shared/references/disa-stig-ol8-v2r2-xccdf-scap.xml
-index 97dac8309..f188cf808 100644
---- a/shared/references/disa-stig-ol8-v2r2-xccdf-scap.xml
-+++ b/shared/references/disa-stig-ol8-v2r2-xccdf-scap.xml
-@@ -2850,7 +2850,7 @@ SHA_CRYPT_MIN_ROUNDS 5000
- 5416
-
- CCI-000213
-- Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file.
-+ Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file.
-
- Generate an encrypted grub2 password for the grub superusers account with the following command:
-
-@@ -11097,7 +11097,7 @@ The "logind" service must be restarted for the changes to take effect. To restar
- The OL8 system boots with United Extensable Firmware Interface (UEFI)
-
-
--
-
-
-@@ -11250,11 +11250,11 @@ Passwords need to be protected at all times, and encryption is the standard meth
-
- If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.
-
--
--
-+
--
-
-
-@@ -11874,7 +11874,7 @@ Configuration settings are the set of parameters that can be changed in hardware
- The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-
--
-
-
--
-+
-
-
-@@ -15479,11 +15479,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi
-
-+
-
--
-+
-
-@@ -17231,8 +17231,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi
-
- gnome-shell
-
--
-- /boot/efi/EFI/redhat/grub.cfg
-+
-+ /boot/efi/EFI/almalinux/grub.cfg
-
-
- /boot/grub2/grub.cfg
-@@ -17308,13 +17308,13 @@ By limiting the number of attempts to meet the pwquality module complexity requi
- ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d*)
- 1
-
--
-- /boot/efi/EFI/redhat/grub.cfg
-+
-+ /boot/efi/EFI/almalinux/grub.cfg
- ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
- 1
-
--
-- /boot/efi/EFI/redhat/user.cfg
-+
-+ /boot/efi/EFI/almalinux/user.cfg
- ^\s*GRUB2_PASSWORD=(\S+)\b
- 1
-
-diff --git a/shared/references/disa-stig-ol8-v2r3-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r3-xccdf-manual.xml
-index 7e5d2fce0..f4fc7a4be 100644
---- a/shared/references/disa-stig-ol8-v2r3-xccdf-manual.xml
-+++ b/shared/references/disa-stig-ol8-v2r3-xccdf-manual.xml
+diff --git a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
+index 3071029bd..41db6bc3c 100644
+--- a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 100000SRG-OS-000080-GPOS-00048 <GroupDescription></GroupDescription> RHEL-08-010140 RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. <VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> DPMS Target Red Hat Enterprise Linux 8 DISA DPMS Target Red Hat Enterprise Linux 8 2921 CCI-000213 Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
-+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "100000", this is a finding. SRG-OS-000080-GPOS-00048 <GroupDescription></GroupDescription> RHEL-08-010140 RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. <VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> DPMS Target Red Hat Enterprise Linux 8 DISA DPMS Target Red Hat Enterprise Linux 8 2921 CCI-000213 Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
-
- Generate an encrypted grub2 password for the grub superusers account with the following command:
-
-@@ -384,7 +384,7 @@ Confirm password: For systems that use BIOS, this is Not Applicable.
-+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
-
- Verify that a unique name is set as the "superusers" account:
-
--$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
-+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
- set superusers="[someuniquestringhere]"
- export superusers
-
-diff --git a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-index ecdb4b277..8dbe274c6 100644
---- a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-+++ b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-@@ -3264,7 +3264,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
+diff --git a/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml b/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml
+index 3e1d42930..ec0e423c3 100644
+--- a/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml
++++ b/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml
+@@ -3389,7 +3389,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
CCI-000213
-- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
-+ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
-
- Generate an encrypted grub2 password for the grub superusers account with the following command:
-
-@@ -12501,8 +12501,8 @@ $ sudo systemctl restart systemd-logind
+- Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file.
++ Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file.
+
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+
+@@ -12636,8 +12636,8 @@ The "logind" service must be restarted for the changes to take effect. To restar
@@ -6394,7 +4856,7 @@ index ecdb4b277..8dbe274c6 100644
-@@ -20423,11 +20423,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+@@ -20409,11 +20409,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi
@@ -6408,7 +4870,7 @@ index ecdb4b277..8dbe274c6 100644
1
@@ -6423,6 +4885,95 @@ index ecdb4b277..8dbe274c6 100644
^\s*GRUB2_PASSWORD=(\S+)\b
1
+diff --git a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
+index bbc44024b..ef94e40fa 100644
+--- a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
++++ b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
+@@ -3134,7 +3134,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
+
+ CCI-000213
+- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+
+@@ -12106,8 +12106,8 @@ $ sudo systemctl restart systemd-logind
+
+-
+
+
+@@ -19802,11 +19802,11 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
+
+
+-
++
+
+-
++
+
+@@ -21745,12 +21745,12 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
+ 1
+
+
+- /boot/efi/EFI/redhat/grub.cfg
++ /boot/efi/EFI/almalinux/grub.cfg
+ ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
+ 1
+
+
+- /boot/efi/EFI/redhat/user.cfg
++ /boot/efi/EFI/almalinux/user.cfg
+ ^\s*GRUB2_PASSWORD=(\S+)\b
+ 1
+
+diff --git a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
+index 7fa5cfb17..4024119f2 100644
+--- a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
++++ b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
+@@ -370,7 +370,7 @@ SHA_CRYPT_MIN_ROUNDS 100000SRG-OS-000080-GPOS-00048 <GroupDescription></GroupDescription> RHEL-08-010140 RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. <VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> DPMS Target Red Hat Enterprise Linux 8 DISA DPMS Target Red Hat Enterprise Linux 8 2921 CCI-000213 Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "100000", this is a finding. SRG-OS-000080-GPOS-00048 <GroupDescription></GroupDescription> RHEL-08-010140 RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance. <VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> DPMS Target Red Hat Enterprise Linux 8 DISA DPMS Target Red Hat Enterprise Linux 8 2921 CCI-000213 Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+
+@@ -380,7 +380,7 @@ Confirm password: For systems that use BIOS, this is Not Applicable.
++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
+
+ Verify that a unique name is set as the "superusers" account:
+
+-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
+ set superusers="[someuniquestringhere]"
+ export superusers
+
diff --git a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh b/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh
index 8c002663d..c8d3ff1a4 100644
--- a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh
@@ -6447,6 +4998,29 @@ index 689093008..c25c13332 100644
# variables = var_password_pam_{{{ VARIABLE }}}={{{ TEST_VAR_VALUE }}}
# This test will ensure that OVAL also checks the configuration in
+diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh
+index deca23463..fb11356dc 100644
+--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh
++++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 10
++# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10
+ source common.sh
+
+ {{{ setup_auditctl_environment() }}}
+diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh
+index 5ac5acf32..b41e800a5 100644
+--- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh
++++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 10
++# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10
+
+ source common.sh
+
diff --git a/shared/templates/grub2_bootloader_argument/kickstart.template b/shared/templates/grub2_bootloader_argument/kickstart.template
index c5051bcf7..846c0e661 100644
--- a/shared/templates/grub2_bootloader_argument/kickstart.template
@@ -6458,7 +5032,7 @@ index c5051bcf7..846c0e661 100644
# strategy = restrict
# complexity = medium
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
-index 4c25b2d95..26100fc4e 100644
+index 4cc696340..7dcfe8e61 100644
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
@@ -1,6 +1,6 @@
@@ -6468,7 +5042,7 @@ index 4c25b2d95..26100fc4e 100644
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
# packages = grub2,grubby
- source common.sh
+ {{%- if ARG_VARIABLE %}}
diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh
index c6d5b6b1b..0557b2f03 100644
--- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh
@@ -6482,7 +5056,7 @@ index c6d5b6b1b..0557b2f03 100644
{{%- if ARG_VARIABLE %}}
# variables = {{{ ARG_VARIABLE }}}=correct_value
diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
-index 0ee7a41ca..a31c37bc4 100644
+index b875737f2..9685f6abd 100644
--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
@@ -1,6 +1,6 @@
@@ -6491,8 +5065,8 @@ index 0ee7a41ca..a31c37bc4 100644
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
# packages = grub2,grubby
-
- source common.sh
+ {{%- if ARG_VARIABLE %}}
+ # variables = {{{ ARG_VARIABLE }}}=correct_value
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
index fc3db8ccd..a12bef4b2 100644
--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
@@ -6518,10 +5092,11 @@ index e51f669fd..00a74f76f 100644
# Adds argument with a value from kernel command line in /etc/default/grub
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh
-index 9eda41566..e47a76f51 100644
+index d5d39d91c..2b25d0659 100644
--- a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh
+++ b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh
-@@ -1,4 +1,4 @@
+@@ -1,5 +1,5 @@
+ #!/bin/bash
-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10
+# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10
# packages = grub2,grubby
@@ -6578,7 +5153,7 @@ index be0fc1de8..8284a5711 100644
# strategy = enable
# complexity = low
diff --git a/shared/templates/package_removed/bootc.template b/shared/templates/package_removed/bootc.template
-index 9e3535578..f0a418432 100644
+index eef498941..255ac57a1 100644
--- a/shared/templates/package_removed/bootc.template
+++ b/shared/templates/package_removed/bootc.template
@@ -1,4 +1,4 @@
@@ -6588,7 +5163,7 @@ index 9e3535578..f0a418432 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template
-index 486ebbbdc..963412bac 100644
+index 99f5e33b9..a0b930444 100644
--- a/shared/templates/package_removed/kickstart.template
+++ b/shared/templates/package_removed/kickstart.template
@@ -1,4 +1,4 @@
@@ -6650,7 +5225,7 @@ index 451af774a..27ac615a2 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
-index 6432aa5ce..9c3234fd3 100644
+index ab3f45c20..04b4f8cf8 100644
--- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
+++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
@@ -1,6 +1,6 @@
@@ -6658,9 +5233,9 @@ index 6432aa5ce..9c3234fd3 100644
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu
-
- source common.sh
-
+ {{%- if XCCDF_VARIABLE %}}
+ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
+ {{%- endif %}}
diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
index c5390ff13..9f596cf48 100644
--- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
@@ -6730,7 +5305,7 @@ index e14d59dfc..1b236a130 100644
# Correct BLS option using grubby, which is a thin wrapper around BLS operations
grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
diff --git a/ssg/constants.py b/ssg/constants.py
-index cf58db6a1..7e1bdd841 100644
+index a0265a9d9..ebc8165aa 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -40,7 +40,7 @@ SSG_REF_URIS = {
@@ -6742,7 +5317,7 @@ index cf58db6a1..7e1bdd841 100644
'anolis8',
'anolis23',
'al2023',
-@@ -204,7 +204,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
+@@ -211,7 +211,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
FULL_NAME_TO_PRODUCT_MAPPING = {
"Alibaba Cloud Linux 2": "alinux2",
"Alibaba Cloud Linux 3": "alinux3",
@@ -6751,7 +5326,7 @@ index cf58db6a1..7e1bdd841 100644
"Anolis OS 8": "anolis8",
"Anolis OS 23": "anolis23",
"Amazon Linux 2023": "al2023",
-@@ -295,7 +295,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+@@ -302,7 +302,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
MULTI_PLATFORM_MAPPING = {
"multi_platform_alinux": ["alinux2", "alinux3"],
@@ -6761,10 +5336,10 @@ index cf58db6a1..7e1bdd841 100644
"multi_platform_debian": ["debian11", "debian12"],
"multi_platform_example": ["example"],
diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml
-index eb1005de9..6c1f3517b 100644
+index 27cf93dcc..16fc52311 100644
--- a/tests/data/product_stability/ol7.yml
+++ b/tests/data/product_stability/ol7.yml
-@@ -29,7 +29,7 @@ groups:
+@@ -30,7 +30,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -6774,10 +5349,10 @@ index eb1005de9..6c1f3517b 100644
init_system: systemd
major_version_ordinal: 7
diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml
-index ec49ad45f..67008023e 100644
+index 169cd1991..f694d28f5 100644
--- a/tests/data/product_stability/ol8.yml
+++ b/tests/data/product_stability/ol8.yml
-@@ -29,7 +29,7 @@ groups:
+@@ -30,7 +30,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -6787,10 +5362,10 @@ index ec49ad45f..67008023e 100644
init_system: systemd
major_version_ordinal: 8
diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml
-index cec14308a..b7e6596bf 100644
+index 8f764c4d1..0cc1d40ec 100644
--- a/tests/data/product_stability/rhel8.yml
+++ b/tests/data/product_stability/rhel8.yml
-@@ -80,7 +80,7 @@ groups:
+@@ -81,7 +81,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -6836,11 +5411,11 @@ index 849ab06f6..1a4927eec 100644
export superusers
diff --git a/tests/shared/grub2.sh b/tests/shared/grub2.sh
-index d11a2ea48..2a0d14294 100644
+index 42abeb78e..fb99e71f2 100644
--- a/tests/shared/grub2.sh
+++ b/tests/shared/grub2.sh
-@@ -7,10 +7,10 @@ function set_grub_uefi_root {
- if grep VERSION /etc/os-release | grep -q '9\.0'; then
+@@ -11,10 +11,10 @@ function set_grub_uefi_root {
+ if grep VERSION /etc/os-release | grep -q '9\.'; then
GRUB_CFG_ROOT=/boot/grub2
else
- GRUB_CFG_ROOT=/boot/efi/EFI/redhat
@@ -6849,9 +5424,9 @@ index d11a2ea48..2a0d14294 100644
elif grep NAME /etc/os-release | grep -iq "Oracle"; then
- GRUB_CFG_ROOT=/boot/efi/EFI/redhat
+ GRUB_CFG_ROOT=/boot/efi/EFI/almalinux
+ elif grep NAME /etc/os-release | grep -iq "Ubuntu"; then
+ GRUB_CFG_ROOT=/boot/grub
fi
- }
-
diff --git a/tests/unit/ssg-module/data/product.yml b/tests/unit/ssg-module/data/product.yml
index 540ab0181..191dde4ec 100644
--- a/tests/unit/ssg-module/data/product.yml
@@ -6877,15 +5452,3 @@ index 5a2bc1005..c3dfe6dce 100644
# profiles = xccdf_org.ssgproject.content_profile_cis
# check = oval
# remediation = none
-diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
-index e3c4bc4ae..fe2220ac0 100755
---- a/utils/ansible_playbook_to_role.py
-+++ b/utils/ansible_playbook_to_role.py
-@@ -65,6 +65,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
- PRODUCT_ALLOWLIST = set([
- "rhel8",
- "rhel9",
-+ "almalinux10",
- ])
-
- PROFILE_ALLOWLIST = set([