diff --git a/config.yaml b/config.yaml index 6b491a3..4498163 100644 --- a/config.yaml +++ b/config.yaml @@ -3,14 +3,14 @@ actions: - target: "spec" find: | %if 0%{?centos} - %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON + %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON %endif replace: | %if 0%{?centos} - %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON + %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON -DSSG_SCE_ENABLED:BOOL=ON %endif %if 0%{?almalinux} - %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF + %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_SCE_ENABLED:BOOL=ON %endif count: 1 @@ -26,5 +26,5 @@ actions: - add_files: - type: "patch" - name: "scap-security-guide-0.1.74-add-almalinux10-product.patch" + name: "scap-security-guide-add-almalinux10-product.patch" number: 1000 diff --git a/files/scap-security-guide-0.1.74-add-almalinux10-product.patch b/files/scap-security-guide-0.1.74-add-almalinux10-product.patch deleted file mode 100644 index 815a643..0000000 --- a/files/scap-security-guide-0.1.74-add-almalinux10-product.patch +++ /dev/null @@ -1,8992 +0,0 @@ -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 4c258307d..51428e723 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -85,6 +85,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui - # project. Note that the example product is always disabled unless explicitly asked for. - option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_ALMALINUX10 "If enabled, the AlmaLinux 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -@@ -313,6 +314,7 @@ message(STATUS " ") - message(STATUS "Products:") - message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") - message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") -+message(STATUS "AlmaLinux 10: ${SSG_PRODUCT_ALMALINUX10}") - message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") - message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") - message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") -@@ -377,6 +379,9 @@ endif() - if(SSG_PRODUCT_ALINUX3) - add_subdirectory("products/alinux3" "alinux3") - endif() -+if(SSG_PRODUCT_ALMALINUX10) -+ add_subdirectory("products/almalinux10" "almalinux10") -+endif() - if(SSG_PRODUCT_ANOLIS8) - add_subdirectory("products/anolis8" "anolis8") - endif() -diff --git a/build_product b/build_product -index b3246a268..20fffbadf 100755 ---- a/build_product -+++ b/build_product -@@ -351,6 +351,7 @@ all_cmake_products=( - AL2023 - ALINUX2 - ALINUX3 -+ ALMALINUX10 - ANOLIS8 - ANOLIS23 - CHROMIUM -diff --git a/components/rpm.yml b/components/rpm.yml -index f32f248ad..8a05dca3f 100644 ---- a/components/rpm.yml -+++ b/components/rpm.yml -@@ -9,6 +9,7 @@ rules: - - dnf-automatic_apply_updates - - dnf-automatic_security_updates_only - - ensure_GPG_keys_are_configured -+- ensure_almalinux_gpgkey_installed - - ensure_fedora_gpgkey_installed - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages -diff --git a/controls/anssi.yml b/controls/anssi.yml -index 247a9c44a..1e747157d 100644 ---- a/controls/anssi.yml -+++ b/controls/anssi.yml -@@ -1244,7 +1244,7 @@ controls: - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_oracle_gpgkey_installed - - - id: R60 -@@ -1362,7 +1362,6 @@ controls: - When authentication takes place through a remote application (network), - the authentication protocol used by PAM must be secure (flow encryption, - remote server authentication, anti-replay mechanisms, ...). -- {{% if "rhel" in product %}} - notes: |- - In RHEL systems, remote authentication is handled through sssd service. - PAM delegates requests for remote authentication to this service through a -@@ -1385,10 +1384,6 @@ controls: - {{% endif %}} - related_rules: - - package_sssd-ipa_installed -- {{% else %}} -- notes: We cannot automate securing of remote PAM authentication in a general way. -- status: manual -- {{% endif %}} - - - id: R68 - title: Protecting stored passwords -diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml -index f2a4cdc5e..3ac8392cd 100644 ---- a/controls/cis_rhel10.yml -+++ b/controls/cis_rhel10.yml -@@ -360,7 +360,7 @@ controls: - - l1_workstation - status: manual - related_rules: -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - - id: 1.2.1.2 - title: Ensure gpgcheck is globally activated (Automated) -diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml -index 102793f78..07f20d0c0 100644 ---- a/controls/cis_rhel8.yml -+++ b/controls/cis_rhel8.yml -@@ -353,7 +353,7 @@ controls: - - l1_workstation - status: manual - related_rules: -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - - id: 1.2.2 - title: Ensure gpgcheck is globally activated (Automated) -diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml -index ffa633298..f718a26b1 100644 ---- a/controls/cis_rhel9.yml -+++ b/controls/cis_rhel9.yml -@@ -360,7 +360,7 @@ controls: - - l1_workstation - status: manual - related_rules: -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - - id: 1.2.1.2 - title: Ensure gpgcheck is globally activated (Automated) -diff --git a/controls/e8.yml b/controls/e8.yml -index 7656fb7ae..aa66e557c 100644 ---- a/controls/e8.yml -+++ b/controls/e8.yml -@@ -23,7 +23,7 @@ controls: - - service_avahi-daemon_disabled - - package_squid_removed - - service_squid_disabled -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_globally_activated -diff --git a/controls/hipaa.yml b/controls/hipaa.yml -index a2eaad9c6..28add3325 100644 ---- a/controls/hipaa.yml -+++ b/controls/hipaa.yml -@@ -163,7 +163,7 @@ controls: - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_repo_metadata -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -@@ -1376,7 +1376,7 @@ controls: - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_repo_metadata -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -@@ -1406,7 +1406,7 @@ controls: - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_repo_metadata -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -@@ -1425,7 +1425,7 @@ controls: - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_repo_metadata -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -@@ -1699,7 +1699,7 @@ controls: - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled - - ensure_gpgcheck_repo_metadata -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -diff --git a/controls/ospp.yml b/controls/ospp.yml -index 1734ed07b..052ad09e2 100644 ---- a/controls/ospp.yml -+++ b/controls/ospp.yml -@@ -552,7 +552,7 @@ controls: - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -@@ -566,7 +566,7 @@ controls: - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - status: automated - -diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml -index 644c31313..695166558 100644 ---- a/controls/pcidss_4.yml -+++ b/controls/pcidss_4.yml -@@ -1549,7 +1549,7 @@ controls: - - base - status: automated - rules: -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_never_disabled -diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -index 77571c24c..55510f4b6 100644 ---- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -+++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -@@ -15,6 +15,9 @@ controls: - {{% if 'rhel' in product %}} - - ensure_redhat_gpgkey_installed - {{% endif %}} -+ {{% if 'almalinux' in product %}} -+ - ensure_almalinux_gpgkey_installed -+ {{% endif %}} - {{% if 'ol' in product %}} - - ensure_oracle_gpgkey_installed - {{% endif %}} -diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml -index c2ce40e0b..2d9836b69 100644 ---- a/controls/stig_rhel9.yml -+++ b/controls/stig_rhel9.yml -@@ -386,7 +386,7 @@ controls: - - medium - title: RHEL 9 must ensure cryptographic verification of vendor software packages. - rules: -- - ensure_redhat_gpgkey_installed -+ - ensure_almalinux_gpgkey_installed - status: automated - - - id: RHEL-09-214015 -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -index 2fe1d2081..0e37b7b99 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -index 7f9a6d07e..60100490a 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -index fde14f70c..26426e2ba 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -index 7373a058f..57e10843b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -index 53e61fb25..e9a0edcde 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - # Perform the remediation for the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -index 8a48783f6..b846f8113 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - # Perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -index c944fb9e6..b506644af 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -index c944fb9e6..b506644af 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -index c1352ae38..31de43746 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -index c944fb9e6..b506644af 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -index 590a5ff6b..5ceb15d9b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml -index bdf3015c4..658327033 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -index 2e008b37e..7e74c94e7 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml -index 7c8e520c1..e5c1d9d93 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -index 9349085f7..b20604aa7 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml -index 639d76a21..7f4d463d6 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -index 73a9f1dff..6daf2c30b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml -index 083a612a0..3228b89b7 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -index 1ea2bcfa9..06d0f131a 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -index b3f4eb102..e6bb717eb 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh -index 8615165ec..002902145 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh -index bc3f67c9c..a37ccd0bf 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i '/newgrp/d' /etc/audit/audit.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh -index ed2cc6c29..13cbaac12 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/audit.rules - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh -index e1d5d05df..6a758969a 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh -index ec89d9ce8..81e0062b1 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/audit.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh -index ee36da807..bd848737d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - # augenrules is default for rhel7 -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh -index b6aabf247..8405f0ba1 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh -@@ -1,7 +1,7 @@ - #!/bin/bash - # packages = audit - # remediation = none --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /tmp/privileged.rules - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh -index 12f1b429a..8dea24479 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules - echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh -index 711bae803..617ff1b33 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules - sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh -index d272fd1d5..f7c0fec7d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh -index ecda20ef9..115487067 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh -index 51482922f..4ac366ec9 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules - # change key of rules for binaries in /usr/sbin -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh -index 6ef31d987..2da0682e0 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh -index 45acc82b6..2505b138b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - . $SHARED/partition.sh - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh -index 79c0bb972..2968492ac 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules - sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh -index a8667bbfb..471d2aff2 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules - echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh -index b2e18d1cd..5c56cdb6d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules - echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh -index 81fc6dd16..9c3f84ef8 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - - ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -index 699c2d8c3..dc6ed09f3 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -index 8c2f54aa9..401163b2a 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -index 457617560..c7b0226ec 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -index f911a1d55..589fd39b1 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -index 561a4974d..604b92dcc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -index b500a24a9..30c2fce28 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -index 90b3941f0..0e013c362 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -index 88a766528..ed41afe64 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml -index 6c114c13c..5c5f7185c 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh -index f4fff8181..6c379ca01 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml -index 44feb6dc4..7a5b0fa5e 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh -index c4c78f756..c9c2d7239 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -index 0a926a6e8..0c66f1cd8 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -index aaf7d582d..28f430094 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -index 03ef13994..baccfe836 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -index d8f56e495..9871cfb1c 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -index e56a86204..efb80b1a0 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -index 6c01ca01c..9142bb0b2 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -index 69d289386..de189305f 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -index 778db53e1..8d1812f1e 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -index ab922936f..ab02adb41 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml -index 7e18fe435..a27adad2d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh -index 102d4b40b..f9a428790 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -index 1ab729e15..244adfda8 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml -index f605a88d0..a6d3b8470 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml -index 1abe26173..204f957e4 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml -index 39e36b02f..11b3b93b9 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml -index 1450e43e8..80b9ac1b4 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -index f65a2c582..161937245 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -index 74f5baa80..57a3004e2 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -index 4bf53b3d9..0e2a9a0e5 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -index f27698264..ef5650892 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml -index bf42d77e9..cc90c1fdf 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml -index 264d2b88e..f11b9f438 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -index b57078075..5d03b92a6 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # Traverse all of: - # -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml -index 26d02c24e..28daa9106 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml -index 94768073f..6fd009b50 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -index e55119fd1..2e7514b51 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -index 79440e79b..614a4e09c 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml -index 889f83178..7896d4cb1 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml -index 496670fad..a9cce0a56 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh -index b61368c0c..eb3bf47f9 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/usr/share/selinux/", "wa", "MAC-policy") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -index fb56e5550..ea6929b63 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot =false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -index 1e040de05..65a6c1127 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -index 58be87f4b..3adce26dc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -index bd42cc0f1..366b790a4 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml -index 8b2377d44..39c2bba69 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml -index 64e8dde85..3d4f65278 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh -index 15d6fa4e2..7f98c9915 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml -index 4b841e808..80473d8ce 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh -index 8fdd7e75a..9c16b41cc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml -index 323a798b1..46fad7416 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -index 027623091..c1c2c1952 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml -index 336beb2b7..26c47e462 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -index 07965e2c7..908fa6e54 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -index 24b4da6b6..1b2b4dd27 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml -index 49c97e395..51f48c0f9 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -index c511ede45..617b679c5 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml -index ec76157d4..0f9e9f7cc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -index b7f44ab38..e6b1d1856 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml -index 3f43030e9..85e9a47c8 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -index b7f44ab38..e6b1d1856 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml -index 8a58bbc38..1a73014dc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -index 0899dcded..fa722e21d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml -index 140506b60..4290a051f 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -index ec17adf55..0ecb4079c 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -index 09d4e8ff5..6a8e8bdab 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - groupadd group_test - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -index 0dad1bfe1..29632f729 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - - if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then - DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev) -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh -index 7e8c49123..999d914cd 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common_0700.sh - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh -index 7cfadc195..3bb0cefbb 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common_0700.sh - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh -index 3654389ed..64e3e8ebc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common_0700.sh - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh -index b93254a4b..c7d66ccbb 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common_0700.sh - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -index 6f19e15c6..b1d995c61 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - if grep -iwq "log_file" /etc/audit/auditd.conf; then - FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh -index cf4b02b90..cd69f17c2 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - if grep -iwq "log_file" /etc/audit/auditd.conf; then - FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh -index 3a0d9a4e9..ab43ceb2b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - #!/bin/bash - - sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh -index 1879113b8..8798ae1ae 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - #!/bin/bash - - sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml -index 722f6731a..7f1879db2 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -index 0b42da512..013401d8c 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then - FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh -index 15023ca70..488ef3e3f 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = audit - - source common_0600.sh -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh -index 04d76809f..6475f83ae 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = audit - - source common_0600.sh -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh -index aea9d1b10..3f045e4c7 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = audit - - source common_0600.sh -diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh -index 003e3330f..368540adc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh -+++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = audit - - source common_0600.sh -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -index 1e0529f08..9ed9948a4 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -index f17751e98..df9a32a67 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_audispd_remote_server") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml -index 942cd0f5d..a53df57b1 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh -index 36e7f8cda..842f3922d 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_audispd_disk_full_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml -index 71fc81683..835402712 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh -index d1a513600..8ca091bea 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_audispd_network_failure_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh -index d244d4bd0..ec516de8a 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - . $SHARED/auditd_utils.sh - prepare_auditd_test_enviroment -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh -index af96da871..3bcbba05c 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - . $SHARED/auditd_utils.sh - prepare_auditd_test_enviroment -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -index b075778f5..d9baf1b4f 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -index d0065b38c..7027992a4 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml -index 06f4a10c6..ba788edbf 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh -index 78726bbc6..0a36846ab 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -index 0adf2b538..376952524 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -index ce4f4d029..6ab8e06dd 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml -index 61cc4751d..7f66a5c15 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh -index 8ab6e16ab..110211558 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -index b82e6d174..717e52b99 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -index dfb8d3035..28e3fd6c9 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -index 49efdc918..ab901e892 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -index f377a92dd..44680a119 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -index 9c8afcfa3..53a6da7e0 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -index 79b916559..40632d099 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{{ bash_instantiate_variables("var_auditd_flush") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -index ba44b2bb5..303e1d8f7 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -index a8f68412c..0c0d35e0d 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -index f3301e81a..eb39696dd 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -index 64ebd312f..c43471049 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -index f6e0c1088..a51782746 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -index 47f3daf89..5cab1da02 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = audit --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -index c70cd104e..c97fbf56e 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -index 8a53bf847..95c5446b6 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -index 69ae3cb89..f48f36569 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -index 5007f965f..4c06ea831 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml -index 69ae3cb89..f48f36569 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh -index 4609f8ec9..f4b4664e3 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -index 7deaa0607..748a59d80 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -index ab0bea58e..a6158699d 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -index a53f062b5..e0200450d 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_space_left") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -index ec0ed4850..3c3b130e8 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -index b6e0267bb..990063e2f 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} - -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml -index 64042da08..2a1e5e6d8 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh -index 638b566dc..8c5acfbe9 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml -index 37fc1df9b..18d04768e 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh -index aba1bf099..e628e189c 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -index 55f407e01..b9084af21 100644 ---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml -index f29a4afc6..26ac0688c 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml -index 412c67f15..ec1467404 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -index 413293083..3f8c50a39 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml -index 1d08bae3a..3e2300448 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml -index 372b7c27c..4e2ce77e9 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -index f62426900..bd3ddd10a 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml -index c26dc39be..d32b854fd 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml -index 08c8dc855..e9277f263 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -index dab3d0eaa..620596c44 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml -index 22d3990f0..ed4f8bce8 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml -index 2fb2c25aa..e182781c4 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -index bff04fe4c..a56d7f18f 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - - {{% set file_contents = """## Successful file delete - -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml -index 37b8b3676..d1be71273 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - - {{% set file_contents = """## Successful file delete - -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete -diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml -index a46066d62..731636c7f 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - - {{% set file_contents = """## Successful file delete - -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete""" -%}} -diff --git a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -index ff5e61676..f7012bed2 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -index 2d9279849..ec6477378 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml -index dae466002..527bc8489 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml -index f07ff3607..62de7826c 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -index c6f796967..7a6e545c4 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml -index 212ec4ba5..62e1ee6de 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml -index 92310b977..e76e314a6 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -index f8cd8b73d..090554c02 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml -index 231034a9c..460877cec 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -index 6002067e5..0515753c4 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml -index c122b209f..d1f676a94 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml -index fa81ece03..7a26684d2 100644 ---- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml -index 89d6152dc..7afbf02b7 100644 ---- a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml -+++ b/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -index 1f6a233ed..9f3a4d6b4 100644 ---- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -+++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - kdump --disable -diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -index 646e63f4b..cb346ebf4 100644 ---- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -+++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - - # Use LDAP for authentication -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml -index 3a86771d6..bacfaa7d0 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml -+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh -index 743d47775..54354e10c 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh -+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian - - {{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}} - -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -index c5e7ae18c..1ab2a0a40 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -index befe1acf3..e36b1fd3e 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}} - -diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -index 524cdc7d0..2678708d2 100644 ---- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - - {{{ bash_replace_or_append(chrony_conf_path, '^port', '0', '%s %s') }}} -diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -index c435df983..b80ffbf7b 100644 ---- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -index 25b768688..a1e46bc12 100644 ---- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - - {{{ bash_replace_or_append(chrony_conf_path, '^cmdport', '0', '%s %s') }}} -diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -index c435df983..b80ffbf7b 100644 ---- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml -index c435df983..b80ffbf7b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh -index a7d291916..c1802d791 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh -@@ -1,7 +1,7 @@ - #!/bin/bash - # packages = chrony - # variables = var_time_service_set_maxpoll=16 --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - {{{ bash_package_remove("ntp") }}} - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh -index f6da9d51f..2eeff701b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh -@@ -1,7 +1,7 @@ - #!/bin/bash - # packages = chrony - # variables = var_time_service_set_maxpoll=16 --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - - {{{ bash_package_remove("ntp") }}} - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml -index c435df983..b80ffbf7b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml -index c435df983..b80ffbf7b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml -index b7eaee763..ceeb3228c 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh -index 2e3d4e406..a348b99df 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh -index b75e59c2e..6c3415c34 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh -index e7c266e7f..7ce4dd93a 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh -index 7b9cbcb9a..154effcbd 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh -index 0b8c54cfb..7a44d477b 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh -index 69908e41f..0c506bca3 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # packages = chrony - - -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh -index b2427c1d5..2d62ca68b 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - echo "" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh -index 16c634e0a..e0e0b136a 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - rm -f {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh -index 56b414e2e..c28bc2f7f 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - echo "some line" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh -index 01a21e0b0..3b8082c73 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - sed -i "^pool.*" {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh -index 6f45a555f..5d03e6e21 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - sed -i "^server.*" {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh -index ec9e58c75..1a31ccf74 100644 ---- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - sed -i "^pool.*" {{{ chrony_conf_path }}} - echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh -index d74bde623..8f83241cd 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh -index 56cee5abd..a8d771d62 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "pool 0.pool.ntp.org" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh -index 50e0715cc..e75a1ec07 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "" > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh -index d89bdb1e5..a56b2e0dc 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - rm -f {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh -index ce121222a..3c7d36f8b 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "some line" > {{{ chrony_conf_path }}} - echo "another line" >> {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh -index 917d2e610..eccff3389 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} - echo "server 1.pool.ntp.org" >> {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh -index 5f0ad2c6e..7c6175efb 100644 ---- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh -+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = chrony --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - echo "server " > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -index 9c6fc297c..7db8e8320 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -index e64838b15..baaa07631 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - find /root -xdev -type f -name ".rhosts" -exec rm -f {} \; - find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \; -diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -index a66068605..f25b95045 100644 ---- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -index 9e1f01f53..d7d4c2651 100644 ---- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - ###################################################################### - #By Luke "Brisk-OH" Brisk - #luke.brisk@boeing.com or luke.brisk@gmail.com -diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml -index ca07eef0e..9a56d0833 100644 ---- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml -+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh -index c54b259d0..78a682cc8 100644 ---- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh -+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}} - -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh -index cd5171c1b..6301578ba 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - if ! grep -q ssh_keys /etc/group; then - groupadd ssh_keys -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh -index 840370623..c64f052be 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_group="cac_testgroup" - groupadd $test_group -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh -index 4964fe4a1..f5fd88dd3 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_group="cac_testgroup" - groupadd $test_group -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh -index 8028e0466..36ebda0b3 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub) - chgrp root "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh -index 56c713f3d..505f3adfb 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_group="cac_testgroup" - groupadd $test_group -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh -index 7cffa2c97..9c0f3a28b 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - rm -f /etc/ssh/*.pub -diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh -index b6bef987d..799d5044b 100644 ---- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh -+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_group="cac_testgroup" - groupadd $test_group -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh -index b36e8a3d7..494455df2 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) - chown root "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh -index 30da398eb..4ee3a3c1f 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_user="cac_testuser" - useradd $test_user -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh -index 59f414be3..484da1eec 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_user="cac_testuser" - useradd $test_user -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh -index adc985a1a..489f65995 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub) - chown root "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh -index 4fa528fe3..bbc3c6147 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_user="cac_testuser" - useradd $test_user -diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh -index 16878dc1d..6c3983a9d 100644 ---- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh -+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - test_user="cac_testuser" - useradd $test_user -diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh -index 28325e1f7..d19148a0b 100644 ---- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh -+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) - chown root:ssh_keys "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh -index 63e2d8642..8a5a658b5 100644 ---- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh -+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) - chown root:ssh_keys "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh -index 48ecfbcac..c5a05db8b 100644 ---- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh -+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) - chown root:ssh_keys "$FAKE_KEY" -diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -index 5a97f74df..104b27f3f 100644 ---- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -index 39102e5d7..2dcfeeb0f 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -index ba5987621..d972650ea 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv - - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^Protocol', '2', '%s %s') }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -index f8d422c6c..aafcd046f 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -index c7212d5b8..dc1e8c4b9 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - {{{ bash_instantiate_variables("var_sshd_disable_compression") }}} - {{{ bash_sshd_remediation("Compression", "$var_sshd_disable_compression") }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -index 228a1166a..6ba91af43 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -index 5a1ec5cf7..d240b4711 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -index 5b54ab892..4213bc152 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml -index be6b3672f..869beb409 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh -index e777ce8fe..588ca64d7 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - {{{ bash_instantiate_variables("var_sshd_set_keepalive") }}} - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -index a7a2ed3d6..f4ba85ff9 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -index 2920273f9..32fba975e 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("sshd_max_auth_tries_value") }}} - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh -index fcdb800c2..77c3e82da 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel, multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux, multi_platform_fedora - - #!/bin/bash - SSHD_CONFIG="/etc/ssh/sshd_config" -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh -index 1d6e73048..03439603e 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - if grep -q "^Ciphers" /etc/ssh/sshd_config; then - sed -i "s/^Ciphers.*/Ciphers aes192-ctr,aes128-ctr/" /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh -index 4319832c0..313cc1c9d 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh -index 5e7246205..6de325120 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh -index dfe21de81..9ec1188e8 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh -index 63774b1e3..780664422 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh -index a9ddcf7c1..e696c5c82 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh -index 682758a9d..7f2f9144a 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh -index 4cac68a12..e329787c3 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - source common.sh - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh -index edb2553d2..2bfd42c86 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com", '%s %s') }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh -index b903a7a08..cd6f95db4 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh -index 17ff9f0aa..f2ba6a570 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - if grep -q "^MACs" /etc/ssh/sshd_config; then - sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -index ba493f99f..dad0a61e3 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config - echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -index 27a2e37ac..3e678dccb 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -index ca08e633a..f90fa48d6 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config - echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -index 5a98fc0eb..846cdd444 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -index 202fc7f44..711cc57c6 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -index 68a6a1291..740c94e10 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - {{{ bash_instantiate_variables("var_sssd_ldap_tls_ca_dir") }}} - -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -index 891b3e2f9..6cb0bce26 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -index 5c83263bc..91e28ba16 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - {{{ bash_sssd_ldap_config(parameter="ldap_tls_reqcert", value="demand") }}} -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -index b38bc41fe..33c5c9034 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -index 564e32815..02bed6db8 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - {{{ bash_sssd_ldap_config(parameter="ldap_id_use_start_tls", value="true") }}} - -diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml -index 02cfde93e..1b9644302 100644 ---- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh -index a7e449e52..84da3094e 100644 ---- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -index 09e863e4a..ba1f546e9 100644 ---- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - - -diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -index efd5408e4..8e7ade7bc 100644 ---- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -index e7d5d3916..ed768f876 100644 ---- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}} - -diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -index 3da9609d7..06586bd8a 100644 ---- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - - MAIN_CONF="/etc/sssd/conf.d/ospp.conf" - -diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -index b92e1d3a6..747a90b31 100644 ---- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -index f066ef1bd..01254fa6f 100644 ---- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - {{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}} - -diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml -index 331627492..72a361b30 100644 ---- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml -+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml -@@ -1,3 +1,3 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}} -diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml -index 9f18591b3..b49d5217a 100644 ---- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml -+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml -index e9c55dfb0..9be805c13 100644 ---- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml -+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - metadata: -diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml -index 5ef460be8..8a12559f6 100644 ---- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml -+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - {{% macro usbguard_hid_and_hub_config_source() %}} - allow with-interface match-all { 03:*:* 09:00:* } - {{%- endmacro -%}} -diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml -index cca593262..5ac5c0678 100644 ---- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml -+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh -index 88d55f160..f2f336700 100644 ---- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh -+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh -index e0bdca6be..9ce5132f6 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle -+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - systemctl set-default multi-user.target -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh -index 9ec0cae93..4487412e5 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle -+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh -index 3df966d45..25eb0ca24 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle - - systemctl set-default graphical.target -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh -index d3da2f113..a90d73d4b 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle - - ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -index 1dea09b2f..cbc23c694 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -index 63ceaaf88..e50ada3e4 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("login_banner_text") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml -index c2feb1fbc..116c6cde5 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - metadata: -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -index 5735d2035..0ca7771ef 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -index 4d77e8336..4ed727fc5 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("motd_banner_text") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -index 5814a30bd..aa4aa4c5c 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -index 86aff54f9..b295782b0 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh -index 1b2e46eff..6c22561e3 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_ncp - # packages = dconf,gdm - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh -index a3e7ebc0e..c65609786 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_stig - # packages = dconf,gdm - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh -index 4af47e3e0..0fe73b672 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_stig - # packages = dconf,gdm - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh -index e1abf408e..ea28b1697 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux - # profiles = xccdf_org.ssgproject.content_profile_stig - # packages = dconf,gdm - -diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml -index 428fbd7fa..390b6513d 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4 - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -index badc79bff..f6c602159 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - - {{%- if "sle" in product or "ubuntu" in product %}} - {{%- set pam_lastlog_path = "/etc/pam.d/login" %}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -index 3b6df64d6..c60568c1a 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -index 28062890d..b04531a5b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then - echo "session required pam_namespace.so" >> "/etc/pam.d/login" - fi -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml -index e9ecd879f..74e4c0b09 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh -index 63d03f08d..e0eae4498 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - {{{ bash_pam_faillock_enable() }}} - {{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml -index 95c3a04db..37caefc2f 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh -index 365006509..2a10d041b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml -index e4be20de0..a9d7e2ec1 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh -index a55f86dc3..5506f8c40 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml -index 1eab1f8c4..f29521f1b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh -index 021a400c0..09b9d3918 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_pam_faillock_enable() }}} - {{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh -index c35696fee..f9615fcef 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = authselect,pam --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - source common.sh - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh -index 5bbbc464e..15a644bba 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = authselect,pam --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - source common.sh -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh -index 67c1b593b..74bb77abe 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # variables = var_accounts_passwords_pam_faillock_deny=3 - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh -index e3ec96da0..56c6b75f3 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # remediation = none - # variables = var_accounts_passwords_pam_faillock_deny=3 -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -index 2a6868f38..70448df97 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -index 09d8aeee0..72b3aeacb 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - {{{ bash_pam_faillock_enable() }}} - {{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh -index 9d4320fbb..4cf206854 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # variables = var_accounts_passwords_pam_faillock_fail_interval=900 - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh -index 30e044729..bb60fb3ed 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # remediation = none - # variables = var_accounts_passwords_pam_faillock_fail_interval=900 -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh -index ebabc6518..b02f953cc 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = authselect --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - source common.sh - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh -index a10547339..c01c35a48 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash - # packages = authselect --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - source common.sh -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh -index bfcc7d4a4..da0f4a90e 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # variables = var_accounts_passwords_pam_faillock_unlock_time=600 - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh -index eff1bd32c..f6307511b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # remediation = none - # variables = var_accounts_passwords_pam_faillock_unlock_time=600 -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml -index 06f7962fd..dc6eea20d 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh -index a55859203..377efc82e 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml -index 90484d66f..81664de52 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh -index 4ea10f4c4..6c1de4e4c 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_ensure_pam_module_configuration('/etc/pam.d/system-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -index 25a0da980..bf2a98da4 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh -index 03723cd8c..1df4f1d61 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # variables = var_password_pam_retry=3 - - source common.sh -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -index 662c3641e..4baf0adaa 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -index f6b461789..fb6d88e37 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}} - LIBUSER_CONF="/etc/libuser.conf" -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -index 8dedf993c..51c76b11a 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml -index 9fffb6188..bd6f532b7 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh -index 3b4602f2c..89cf6b6c5 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol - - {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}} - PAM_FILE_PATH="/etc/pam.d/password-auth" -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -index 3045574e5..7ce6bb466 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml -index 517c83c6e..041e9a29c 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh -index f8c47e96a..d0aaabaf7 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu - - systemctl disable --now ctrl-alt-del.target - systemctl mask --now ctrl-alt-del.target -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh -index 41eed9737..992dc2304 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu - - systemctl unmask ctrl-alt-del.target -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh -index d9fdc678f..a4f6ea6a9 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - service_file="/usr/lib/systemd/system/emergency.service" - sulogin="/bin/bash" -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh -index 63b9b08b5..15abe6cec 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - service_file="/usr/lib/systemd/system/rescue.service" - sulogin="/bin/bash" -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml -index 75395cf61..1dcee69f3 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml -index f47326940..42d591752 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -index dc63eb653..dc6931307 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh -index 0b31379f0..778d63d74 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora -+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - - echo 'bind W lock-session' >> '/etc/tmux.conf' - chmod 0644 "/etc/tmux.conf" -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh -index e38203195..55a8aff57 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora -+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = tmux - - echo 'bind X lock-session' >> '/etc/tmux.conf' -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh -index 45458b6f2..87e6ded51 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora -+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = tmux - - echo > '/etc/tmux.conf' -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh -index 93ed8cbf4..bff755146 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora -+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = tmux - - echo '# bind X lock-session' >> '/etc/tmux.conf' -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh -index da006625e..8e02e36e8 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora -+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # packages = tmux - - echo 'bind X lock-session' >> '/etc/tmux.conf' -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -index 6b2d6cd5e..c20712c9f 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml -index 1a9d35f69..9a5753d98 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml -index 18231e23a..c986f5c73 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh -index c2afecc19..652fbedb7 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ubuntu,multi_platform_rhel -+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux - # packages = openssl-pkcs11 - - if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh -index d7103cc0a..68c252f78 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = openssl-pkcs11 - - if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh -index c0cc3c94f..6db041b04 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = openssl-pkcs11 - - if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -index 74598bc7e..680caf4ba 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -index f299285d4..52e841b61 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - - {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh -index aa147fdce..bb8288f5b 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh -@@ -1,5 +1,5 @@ - #! /bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_accounts_authorized_local_users_regex=^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$ - - var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$" -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -index 1e571bcbf..7901ceae0 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -index 0c81c0ee5..29f31c654 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -index b04d7cdb8..0d5a5831e 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -index dcc5de3f1..268aafbab 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} - {{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}} -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml -index dc843c19c..1290f8d43 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh -index 8ff7cba19..14ece5d17 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml -index ebcb5ac04..674369a42 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh -index 7bdb759f6..dd157f1e3 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_debian - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -index 4994ff315..e8469b8e9 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -index 82110016d..2a73ed386 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -index 7374c21e8..0a9f303d4 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - - {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -index c0b520bdf..70ab14cba 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -index 8316e495a..bf8a4c240 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -index 117a42585..b41d01a89 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -index 9878acd1a..65218e2fe 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -index ad3133b1f..eac1b843a 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml -index 888cc054f..2b7d571ad 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh -index 7bbfd7675..3d438fe7a 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -index 8f87bf06e..6bed5ef5a 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -index 5f9c92aac..119219eb0 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -index 10a747ef2..5a819abfc 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -index e7f5c730c..8f06c6cfa 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -index bd1ba1ccb..d139fdda4 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - # uncomment the option if commented - sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml -index e236b1ec2..d84d7345f 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh -index d16374ffd..1ae066fd9 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} - - PAM_CONF=/etc/pam.d/su -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -index 315b2efec..657d0c4e6 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5 -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5 - # disruption = low - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -index 305f8fea8..e9470bfa1 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5 -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5 - - {{{ bash_instantiate_variables("var_accounts_fail_delay") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -index 536ac2956..d1bff5ffa 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -index 0005b2ccb..0329d6cdf 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle - - {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml -index 3f080376a..6295c853e 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml -index 9ca521640..5c961399e 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -index 5bfb963a1..77807dbfb 100644 ---- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -index 0f681a6db..846b47fee 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_accounts_user_umask") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml -index fb91eab05..02b78a6ab 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_rhv4 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_rhv4 - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh -index ec59ac915..3e5470b1e 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_rhv4 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_rhv4 - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh -index ec75bf6d2..eb2aa2ea1 100644 ---- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh -+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac -diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh -index a545d9791..383a6ee76 100644 ---- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh -+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - touch /etc/pam.d/{password,system}-auth-{mycustomconfig,ac} -diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh -index 82fb5d543..2dbee752d 100644 ---- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh -+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac -diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh -index 31c46debf..9b4e3abe2 100644 ---- a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh -+++ b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = authselect,pam - # remediation = none - -diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh -index ac68df9e0..f589bfb44 100644 ---- a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh -+++ b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = authselect,pam - - authselect select minimal --force -diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh -index 3bd07c62e..e328ca74c 100644 ---- a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh -+++ b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = authselect,pam - - rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth} -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -index 773f88904..6060189e7 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then - mkdir -p /etc/rsyslog.d -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml -index 4e321fecb..2818c4ca1 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh -index 3933f28b4..d71a075f1 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml -index 892523fc4..9fbba1ccb 100644 ---- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml -+++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -index f42709ef5..8b35da68b 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -index f2019bb9a..a12ceb5c1 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu - - {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}} - -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml -index d6e2b2564..323d3ffaa 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh -index ee1cbf7ea..eb4e5adc4 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh -index 51b6c4fb6..679e35435 100644 ---- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh -+++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # check-import = stdout - - result=$XCCDF_RESULT_PASS -diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh -index b2a8e350c..e97d0f4a5 100644 ---- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh -+++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # check-import = stdout - - result=$XCCDF_RESULT_PASS -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -index d787fbbbf..d209806d8 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - # enable randomness in ipv6 address generation - for interface in /etc/sysconfig/network-scripts/ifcfg-* -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -index 87306fedb..88e2884bc 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -index 8792fc668..2c7c4b025 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -index e222b1c88..85b92ce90 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -index 4ed2c480c..f59b6d7c3 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -index 845b013ed..063776b85 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -index e2951d845..0335df123 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -index 2bd1bdbca..63ab3fe59 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC - # services for NFSv4 from attempting to start IPv6 network listeners -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -index 6bb6de134..1f0664a02 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -index b3d72bb4a..b89b8a35a 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -index 70e767cc4..fbe1a27a2 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -index c64da37a3..08535e5a1 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh -index 583b70a3b..d9bca3de6 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - # Clean sysctl config directories - rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh -index ef545976d..bf1ccb250 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - # Clean sysctl config directories - rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -index 8b075d55e..0dd17a34b 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -index 2bfbd9e46..8ea37100a 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -index aa7d1562b..08668d03c 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -index 3a60ab17c..728ddb817 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -index b6e53de36..0b652c7cf 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -index aeb67c4e0..f47a8ab67 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -index 52d74441b..08c8c256d 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -index 9e3a85af9..d4f4d31cb 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -index 0c8dae788..a26df0c5a 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -index ea1db12fe..5d8b19f68 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -index b54e3d12b..125464d7a 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh -index 89d344c4f..1a926adaa 100644 ---- a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh -+++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # check-import = stdout - - tbl_output=$(nft list tables | grep inet) -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh -index 57cc29270..4b1b2805e 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - rm -f /etc/modprobe.d/dccp-blacklist.conf - echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf -diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh -index 0f2d15979..27572472b 100644 ---- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh -+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common.sh -diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh -index 469db24e9..671a4d019 100644 ---- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh -+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - source common.sh - -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml -index dcb2b99b7..8dbb02940 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -index 91b3495c9..7f3876c49 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - df --local -P | awk '{if (NR!=1) print $6}' \ - | xargs -I '$6' find '$6' -xdev -type d \ - \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh -index d2b47d989..9f25146b9 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - DIRS="/lib /lib64 /usr/lib /usr/lib64" - for dirPath in $DIRS; do - find "$dirPath" -type d -exec chown root '{}' \; -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh -index 542184ae8..9cdfbf737 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - groupadd nogroup - DIRS="/lib /lib64" - for dirPath in $DIRS; do -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh -index 5f8dcd2eb..7980d87b5 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - DIRS="/lib /lib64 /usr/lib /usr/lib64" - for dirPath in $DIRS; do - find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \; -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh -index c3cd0944b..3c41df40c 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - DIRS="/lib /lib64 /usr/lib /usr/lib64" - for dirPath in $DIRS; do - chmod -R 755 "$dirPath" -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh -index 90ae74be6..243a8e16e 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - DIRS="/lib /lib64" - for dirPath in $DIRS; do - mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme" -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh -index ebaf9b766..858020d51 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - DIRS="/usr/lib /usr/lib64" - for dirPath in $DIRS; do - mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme" -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml -index 8f479451b..21a923e63 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh -index b9bbe4dbe..2652ea041 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu - - for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin - do -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -index 04178f485..ce116710e 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -index 5471f360f..1a2c2a9fa 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle - find /bin/ \ - /usr/bin/ \ - /usr/local/bin/ \ -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh -index 9c3fa6fe9..78ab97152 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64 - do -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh -index 02867684c..8b274eded 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - useradd user_test - for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh -index 81d8a339e..70345d4e7 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - useradd user_test - -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh -index 3382568ce..b4f4bd0a0 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu - - useradd user_test - -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -index aeaa1f058..b69b5cd7a 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -index ab89b277a..f4a7c33a9 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" - for dirPath in $DIRS; do - find "$dirPath" -perm /022 -exec chmod go-w '{}' \; -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh -index 5356d3742..a85c88001 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu - - for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64 - do -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh -index 7352b60aa..fc84e065c 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu - - groupadd group_test - for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me -diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -index b0d594003..4a71eccda 100644 ---- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -index 5ce0decba..b7a4243e4 100644 ---- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -index 59e39270d..5c154d333 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - - # Delete particular /etc/fstab's row if /var/tmp is already configured to - # represent a mount point (for some device or filesystem other than /tmp) -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -index d94802273..554e34e00 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -index d94802273..554e34e00 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -index 32651fa92..b68ea1c66 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - SECURITY_LIMITS_FILE="/etc/security/limits.conf" - - if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -index 41cbd1197..481afa583 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -index 415b0486d..02b1e991a 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh -index 70189666c..22f9e966b 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - # Clean sysctl config directories - rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh -index 209395fa9..23cce30a8 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - # Clean sysctl config directories - rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -index 7a4c107b2..22e209120 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh -index 6d87da5f2..021acd31f 100755 ---- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh -+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - cp /proc/cpuinfo /tmp/cpuinfo -diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh -index 3260539b3..29d22d491 100755 ---- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh -+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - cp /proc/cpuinfo /tmp/cpuinfo -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -index 88c683445..fa9b2020d 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -index 36e025cc3..e97acde11 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -index 505b3c12b..cdf18e6dd 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -index 0541e59a7..50020c28c 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -index 2e24d9211..7b706bb32 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -index ceafd4839..7006e2066 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -index 7519b7740..af6c30abd 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -index fdd4fb83e..3274d5b36 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -index 4be24a89d..76c0cc6df 100644 ---- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -index 735354a2d..0c13b196e 100644 ---- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 - - sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* - sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* -diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh -index 2520d3dcc..ed0bc9538 100644 ---- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh -+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - - # Package libselinux cannot be uninstalled normally - # as it would cause removal of sudo package which is -diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -index 5b45fae3f..c66669977 100644 ---- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -index b0e1de6ba..e08be5aa9 100644 ---- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -+++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -index 9db746638..a2e3b6c7b 100644 ---- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -index 78c1d4f61..0fc55b9c0 100644 ---- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -+++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -index c3baa1b80..be83f158f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -index 917fc7dc4..bc1d7c63c 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -index f5d68f1c3..91f02c0d4 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -index 45e6c24aa..e06d9600f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -index 6b19c8138..1f656f5a8 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -index ef2933c52..0d72f6f65 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -index 0ca67c74a..332a5018a 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -index 60417ff4e..0af05e798 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -index ac168ef9f..69ecfa6a7 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -index 51e4063c3..3591b7266 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -index 33460b61c..04074e66b 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -index 4e389aa5c..254db9bfe 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -index c3922e5b0..40515598a 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -index 09eed8367..601191b49 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -index bf1efbe61..efa5b96a6 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -index f7c7b4379..95781d5ab 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -index d3f144c89..ae170b802 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -index 5b08acff4..d1af90b16 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -index 9d034e519..2c45806b4 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -index d04e6893f..5b9cba007 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -index 34ff91ab3..875abf68d 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -index 4dbe2b3c8..7313b6bcd 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -index 606e00c5f..792db4ca4 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -index ed7d98843..a41cb7151 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -index c379700ad..6d91cec21 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -index 9830ea565..c0913adb5 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -index fa4f578ef..f0d0708d1 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml -index c7617bc43..7de8de33c 100644 ---- a/linux_os/guide/system/software/gnome/group.yml -+++ b/linux_os/guide/system/software/gnome/group.yml -@@ -12,7 +12,7 @@ description: |- - {{% if 'ol' in product %}} - Oracle Linux Graphical environment. - {{% else %}} -- Red Hat Graphical environment. -+ AlmaLinux Graphical environment. - {{% endif %}} -

- For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}. -diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml -index d4f698215..2835050c4 100644 ---- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml -@@ -4,6 +4,7 @@ - The operating system installed on the system is supported by a vendor that provides security patches. - ") }}} - -+ - - - -diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -index 8b47069e6..e87e3f9e8 100644 ---- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -@@ -11,6 +11,9 @@ description: |- - {{% elif product in ["sle12", "sle15", "slmicro5"] %}} - SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise - vendor, SUSE is responsible for providing security patches. -+{{% elif product == "almalinux10" %}} -+ AlmaLinux is supported by AlmaLinux. As the AlmaLinux -+ vendor, AlmaLinux is responsible for providing security patches. - {{% else %}} - Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise - Linux vendor, Red Hat, Inc. is responsible for providing security patches. -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml -index dd096ab41..b180ed3b3 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -index 0447bf2c4..43627ebd3 100644 ---- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml -index 9647791ef..9f70b30d4 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol - # reboot = true - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh -index 5da0c99e6..57ac7592b 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 - - fips-mode-setup --enable - FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" -diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh -index 9c232fc94..f3d71ee21 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh -+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = crypto-policies-scripts --# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol - - fips-mode-setup --enable - FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" -diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh -index b92e82236..138d2c997 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh -+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = crypto-policies-scripts --# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol - - fips-mode-setup --enable - FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -index 04e69228b..9072c4023 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{% if 'sle' in product %}} - zypper -q --no-remote ref -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml -index 4109e8d44..65a693e23 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh -index ea2a1113b..fbc6b9b8a 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh -index 1b0c304be..fe181733a 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = aide - - aide --init -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh -index 236c0cebf..f91dce305 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = aide - - declare -a bins -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh -index 7f422b6b2..efdd460cc 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = aide - - declare -a bins -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh -index d76b93657..35c7a2400 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - # packages = aide - - aide --init -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -index dfa5c1b6c..60ac94141 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -index 34a114520..b22a658da 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml -index 9e5172cc5..88a2fa5de 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml -@@ -1,5 +1,5 @@ - # and the regex_findall does not filter out configuration files the same as bash remediation does --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = high -@@ -7,7 +7,7 @@ - - name: "Set fact: Package manager reinstall command" - set_fact: - package_manager_reinstall_cmd: {{{ pkg_manager }}} reinstall -y -- when: ansible_distribution in [ "Fedora", "RedHat", "CentOS", "OracleLinux" ] -+ when: ansible_distribution in [ "Fedora", "RedHat", "CentOS", "OracleLinux", "AlmaLinux" ] - - - name: "Set fact: Package manager reinstall command (zypper)" - set_fact: -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -index a40f350d4..b1c682604 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - # Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names - files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )" -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -index 5c39628ff..9aa639575 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -index 329a00f56..d3cce1c0c 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -index 0bd8e7e8a..25b5bd333 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -index 0f791c95e..0efde1682 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -index 21ece11e5..26403c434 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -index c01587242..de0605d2d 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -index eb5220278..e19cec598 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -index 0ca7c09b3..05dcae714 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_sudo_umask=0027 - - echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -index 39ec72b52..a2849d3b4 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # variables = var_sudo_umask=0027 - - echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh -index 0e5aed5d0..c75edccd5 100644 ---- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # remediation = none - - # Make sure sudo is owned by root group -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh -index a258d108a..904d4adb0 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh -index cdd8174d2..ab7afd6a4 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - touch /etc/sudoers.d/empty -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh -index 093f9dd80..0cd6dbf48 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh -index 3372c20b7..6c9e6fc44 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh -index ef0abd449..9606a913c 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh -@@ -1,4 +1,4 @@ --# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh -index 6247b5230..bd82dc53d 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh -index 071e3a0ab..b6779c1c5 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - echo 'Defaults !targetpw' >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh -index 273fb4529..b15cdc1da 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - touch /etc/sudoers.d/empty -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh -index d477b5972..569a80382 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - touch /etc/sudoers.d/empty -diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh -index a4c5bde62..42fb94bf8 100644 ---- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 - # packages = sudo - - touch /etc/sudoers.d/empty -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -index 71b66ebab..f51a5fa0a 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh -index 34127fd17..e30b09600 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle - - {{% if 'sle' in product %}} - {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}} -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh -index 4cba82b3c..1d8495018 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - file={{{ pkg_manager_config_file }}} - -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh -index 3b3bd71f7..d54501d5c 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - file={{{ pkg_manager_config_file }}} - -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh -index 8f2e4fac8..20d00061a 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - - file={{{ pkg_manager_config_file }}} - -diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml -index d74db7b2b..b44ee67b3 100644 ---- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8 - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml -index ba0c54f3f..1890b7708 100644 ---- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8 -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8 - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml -new file mode 100644 -index 000000000..66ffc626b ---- /dev/null -+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml -@@ -0,0 +1,39 @@ -+# platform=multi_platform_almalinux -+# reboot = false -+# strategy = restrict -+# complexity = medium -+# disruption = medium -+- name: "Read permission of GPG key directory" -+ stat: -+ path: /etc/pki/rpm-gpg/ -+ register: gpg_key_directory_permission -+ check_mode: no -+ -+# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well. -+ -+- name: Read signatures in GPG key -+ # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10 -+ command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10" -+ args: -+ warn: False -+ changed_when: False -+ register: gpg_fingerprints -+ check_mode: no -+ -+- name: Set Fact - Installed GPG Fingerprints -+ set_fact: -+ gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}" -+ -+- name: Set Fact - Valid fingerprints -+ set_fact: -+ gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}") -+ -+- name: Import AlmaLinux GPG key -+ rpm_key: -+ state: present -+ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 -+ when: -+ - gpg_key_directory_permission.stat.mode <= '0755' -+ - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0 -+ - gpg_installed_fingerprints | length > 0 -+ - ansible_distribution == "AlmaLinux" -diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh -new file mode 100644 -index 000000000..683f7848c ---- /dev/null -+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh -@@ -0,0 +1,26 @@ -+# platform = multi_platform_almalinux -+readonly ALMALINUX_FINGERPRINT="EE6DB7B98F5BF5EDD9DA0DE5DEE5C11CC2A1E572" -+ -+# Location of the key we would like to import (once it's integrity verified) -+readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10" -+ -+RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")") -+ -+# Verify /etc/pki/rpm-gpg directory permissions are safe -+if [ "${RPM_GPG_DIR_PERMS}" -le "755" ] -+then -+ # If they are safe, try to obtain fingerprints from the key file -+ # (to ensure there won't be e.g. CRC error) -+ readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10) -+ GPG_RESULT=$? -+ # No CRC error, safe to proceed -+ if [ "${GPG_RESULT}" -eq "0" ] -+ then -+ # Filter just hexadecimal fingerprints from gpg's output from -+ # processing of a key file -+ echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || { -+ # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it -+ rpm --import "${ALMALINUX_RELEASE_KEY}" -+ } -+ fi -+fi -diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml -new file mode 100644 -index 000000000..c0aa2a5eb ---- /dev/null -+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml -@@ -0,0 +1,42 @@ -+ -+ -+ -+ AlmaLinux gpg-pubkey Package Installed -+ -+ multi_platform_almalinux -+ -+ The AlmaLinux key packages are required to be installed. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ gpg-pubkey -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ {{{ pkg_release }}} -+ {{{ pkg_version }}} -+ -+ -+ -diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml -new file mode 100644 -index 000000000..869000fd0 ---- /dev/null -+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml -@@ -0,0 +1,44 @@ -+documentation_complete: true -+ -+title: 'Ensure AlmaLinux GPG Key Installed' -+ -+description: |- -+ To ensure the system can cryptographically verify base software -+ packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed. -+ To install the AlmaLinux GPG key, run: -+ 
$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-10
-+ If the system is not connected to the Internet, -+ then install the AlmaLinux GPG key from trusted media such as -+ the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted -+ in /media/cdrom, use the following command as the root user to import -+ it into the keyring: -+ 
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY
-+ -+rationale: |- -+ Changes to software components can have significant effects on the -+ overall security of the operating system. This requirement ensures -+ the software has not been tampered with and that it has been provided -+ by a trusted vendor. The AlmaLinux GPG key is necessary to -+ cryptographically verify packages are from AlmaLinux. -+ -+severity: high -+ -+references: -+ cis: 1.2.2 -+ disa: CCI-001749 -+ nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b) -+ nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 -+ pcidss: Req-6.2 -+ isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6' -+ isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4 -+ cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 -+ iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4 -+ cis-csc: 11,2,3,9 -+ -+ocil_clause: 'the AlmaLinux GPG Key is not installed' -+ -+ocil: |- -+ To ensure that the GPG key is installed, run: -+ 
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
-+ The command should return the string below: -+ 
gpg(AlmaLinux OS 10 <packager@almalinux.org>
-diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -index 2bf91c8ca..b5f520737 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle - - {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}} -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -index a653565f5..0e8220272 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = enable - # complexity = low -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -index 07e02fa47..ee1d023d9 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle - {{% if product in ["sle12", "sle15"] %}} - sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/* - {{% else %}} -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh -index 37e47e4d4..a852e856f 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - - sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/* -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh -index 04ff6e577..b97d75469 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh -@@ -1,4 +1,4 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - - sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* -diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -index cbd37bfad..416279da7 100644 ---- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -@@ -16,6 +16,11 @@ description: |- - 
$ sudo yum update
- If the system is not configured to use one of these sources, updates (in the form of RPM packages) - can be manually downloaded from the ULN and installed using rpm. -+{{% elif product in ["almalinux10"] %}} -+ Run the following command to install updates: -+ 
$ sudo yum update
-+ If the system is not configured to use repos, updates (in the form of RPM packages) -+ can be manually downloaded from the repos and installed using rpm. - {{% elif product in ["sle12", "sle15"] %}} - If the system is configured for online updates, invoking the following command will list available - security updates: -diff --git a/products/almalinux10/CMakeLists.txt b/products/almalinux10/CMakeLists.txt -new file mode 100644 -index 000000000..1284434a2 ---- /dev/null -+++ b/products/almalinux10/CMakeLists.txt -@@ -0,0 +1,26 @@ -+# Sometimes our users will try to do: "cd almalinux10; cmake ." That needs to error in a nice way. -+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") -+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") -+endif() -+ -+set(PRODUCT "almalinux10") -+ -+ssg_build_product(${PRODUCT}) -+ -+ssg_build_html_cce_table(${PRODUCT}) -+ -+ssg_build_html_srgmap_tables(${PRODUCT}) -+ -+if(SSG_SRG_XLSX_EXPORT) -+ ssg_build_xlsx_srg_export(${PRODUCT} "srg_gpos") -+endif() -+ -+#ssg_build_html_stig_tables(${PRODUCT}) -+#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig") -+#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui") -+ -+#ssg_build_html_stig_tables(${PRODUCT} "ospp") -+ -+if(SSG_CENTOS_DERIVATIVES_ENABLED) -+ ssg_build_derivative_product(${PRODUCT} "centos" "cs10") -+endif() -diff --git a/products/almalinux10/overlays/srg_support.xml b/products/almalinux10/overlays/srg_support.xml -new file mode 100644 -index 000000000..ead1127fe ---- /dev/null -+++ b/products/almalinux10/overlays/srg_support.xml -@@ -0,0 +1,173 @@ -+ -diff --git a/products/almalinux10/product.yml b/products/almalinux10/product.yml -new file mode 100644 -index 000000000..3f685127c ---- /dev/null -+++ b/products/almalinux10/product.yml -@@ -0,0 +1,54 @@ -+product: almalinux10 -+full_name: AlmaLinux 10 -+type: platform -+ -+families: -+ - rhel -+ - rhel-like -+ -+major_version_ordinal: 10 -+ -+benchmark_id: ALMALINUX-10 -+benchmark_root: "../../linux_os/guide" -+components_root: "../../components" -+ -+profiles_root: "./profiles" -+ -+pkg_manager: "dnf" -+ -+init_system: "systemd" -+ -+# EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig -+ -+groups: -+ dedicated_ssh_keyowner: -+ name: ssh_keys -+ -+sshd_distributed_config: "true" -+ -+dconf_gdm_dir: "distro.d" -+ -+faillock_path: "/var/log/faillock" -+ -+# The fingerprints below are retrieved from https://almalinux.org/security/ -+pkg_release: "668fe8ef" -+pkg_version: "c2a1e572" -+ -+release_key_fingerprint: "EE6DB7B98F5BF5EDD9DA0DE5DEE5C11CC2A1E572" -+ -+cpes_root: "../../shared/applicability" -+cpes: -+ - almalinux10: -+ name: "cpe:/o:almalinux:almalinux:10" -+ title: "AlmaLinux 10" -+ check_id: installed_OS_is_almalinux10 -+ -+# Mapping of CPE platform to package -+platform_package_overrides: -+ login_defs: "shadow-utils" -+ -+reference_uris: -+ cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/' -+ -+ -+journald_conf_dir_path: /etc/systemd/journald.conf.d -diff --git a/products/almalinux10/profiles/anssi_bp28_enhanced.profile b/products/almalinux10/profiles/anssi_bp28_enhanced.profile -new file mode 100644 -index 000000000..54c7ada58 ---- /dev/null -+++ b/products/almalinux10/profiles/anssi_bp28_enhanced.profile -@@ -0,0 +1,62 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ - vojtapolasek -+ -+title: 'DRAFT - ANSSI-BP-028 (enhanced)' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: -+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system -+ -+selections: -+ - anssi:all:enhanced -+ # Following rules are incompatible with the rhel10 product -+ - '!partition_for_opt' -+ - '!accounts_passwords_pam_tally2_deny_root' -+ - '!install_PAE_kernel_on_x86-32' -+ - '!partition_for_boot' -+ - '!sudo_add_ignore_dot' -+ - '!audit_rules_privileged_commands_rmmod' -+ - '!audit_rules_privileged_commands_modprobe' -+ - '!package_dracut-fips-aesni_installed' -+ - '!cracklib_accounts_password_pam_lcredit' -+ - '!partition_for_usr' -+ - '!cracklib_accounts_password_pam_ocredit' -+ - '!enable_pam_namespace' -+ - '!audit_rules_privileged_commands_insmod' -+ - '!service_chronyd_or_ntpd_enabled' -+ - '!chronyd_configure_pool_and_server' -+ - '!accounts_passwords_pam_tally2' -+ - '!cracklib_accounts_password_pam_ucredit' -+ - '!accounts_passwords_pam_tally2_unlock_time' -+ - '!sudo_add_umask' -+ - '!sudo_add_env_reset' -+ - '!cracklib_accounts_password_pam_minlen' -+ - '!cracklib_accounts_password_pam_dcredit' -+ - '!ensure_oracle_gpgkey_installed' -+ - '!security_patches_up_to_date' -+ # RHEL10 unified the paths for grub2 files. These rules are selected in control file by R29. -+ - '!file_groupowner_efi_grub2_cfg' -+ - '!file_owner_efi_grub2_cfg' -+ - '!file_permissions_efi_grub2_cfg' -+ - '!file_groupowner_efi_user_cfg' -+ - '!file_owner_efi_user_cfg' -+ - '!file_permissions_efi_user_cfg' -+ # disable R45: Enable AppArmor security profiles -+ - '!apparmor_configured' -+ - '!all_apparmor_profiles_enforced' -+ - '!grub2_enable_apparmor' -+ - '!package_apparmor_installed' -+ - '!package_pam_apparmor_installed' -diff --git a/products/almalinux10/profiles/anssi_bp28_high.profile b/products/almalinux10/profiles/anssi_bp28_high.profile -new file mode 100644 -index 000000000..734084764 ---- /dev/null -+++ b/products/almalinux10/profiles/anssi_bp28_high.profile -@@ -0,0 +1,58 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ - vojtapolasek -+ -+title: 'DRAFT - ANSSI-BP-028 (high)' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: -+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system -+ -+selections: -+ - anssi:all:high -+ # the following rule renders UEFI systems unbootable -+ - '!sebool_secure_mode_insmod' -+ # Thuse rules are incompatible rhel10 product -+ - '!partition_for_opt' -+ - '!accounts_passwords_pam_tally2_deny_root' -+ - '!install_PAE_kernel_on_x86-32' -+ - '!partition_for_boot' -+ - '!aide_periodic_checking_systemd_timer' -+ - '!sudo_add_ignore_dot' -+ - '!audit_rules_privileged_commands_rmmod' -+ - '!audit_rules_privileged_commands_modprobe' -+ - '!package_dracut-fips-aesni_installed' -+ - '!cracklib_accounts_password_pam_lcredit' -+ - '!partition_for_usr' -+ - '!cracklib_accounts_password_pam_ocredit' -+ - '!enable_pam_namespace' -+ - '!audit_rules_privileged_commands_insmod' -+ - '!service_chronyd_or_ntpd_enabled' -+ - '!chronyd_configure_pool_and_server' -+ - '!accounts_passwords_pam_tally2' -+ - '!cracklib_accounts_password_pam_ucredit' -+ - '!accounts_passwords_pam_tally2_unlock_time' -+ - '!sudo_add_umask' -+ - '!sudo_add_env_reset' -+ - '!cracklib_accounts_password_pam_minlen' -+ - '!cracklib_accounts_password_pam_dcredit' -+ - '!ensure_oracle_gpgkey_installed' -+ - '!security_patches_up_to_date' -+ # disable R45: Enable AppArmor security profiles -+ - '!apparmor_configured' -+ - '!all_apparmor_profiles_enforced' -+ - '!grub2_enable_apparmor' -+ - '!package_apparmor_installed' -+ - '!package_pam_apparmor_installed' -diff --git a/products/almalinux10/profiles/anssi_bp28_intermediary.profile b/products/almalinux10/profiles/anssi_bp28_intermediary.profile -new file mode 100644 -index 000000000..168327269 ---- /dev/null -+++ b/products/almalinux10/profiles/anssi_bp28_intermediary.profile -@@ -0,0 +1,42 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ - vojtapolasek -+ -+title: 'DRAFT - ANSSI-BP-028 (intermediary)' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: -+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system -+ -+selections: -+ - anssi:all:intermediary -+ # Following rules are incompatible with the rhel10 product -+ - '!partition_for_opt' -+ - '!cracklib_accounts_password_pam_minlen' -+ - '!accounts_passwords_pam_tally2_deny_root' -+ - '!accounts_passwords_pam_tally2' -+ - '!cracklib_accounts_password_pam_ucredit' -+ - '!cracklib_accounts_password_pam_dcredit' -+ - '!cracklib_accounts_password_pam_lcredit' -+ - '!partition_for_usr' -+ - '!partition_for_boot' -+ - '!cracklib_accounts_password_pam_ocredit' -+ - '!enable_pam_namespace' -+ - '!accounts_passwords_pam_tally2_unlock_time' -+ - '!sudo_add_umask' -+ - '!sudo_add_ignore_dot' -+ - '!sudo_add_env_reset' -+ - '!ensure_oracle_gpgkey_installed' -+ - '!security_patches_up_to_date' -diff --git a/products/almalinux10/profiles/anssi_bp28_minimal.profile b/products/almalinux10/profiles/anssi_bp28_minimal.profile -new file mode 100644 -index 000000000..90409f3a1 ---- /dev/null -+++ b/products/almalinux10/profiles/anssi_bp28_minimal.profile -@@ -0,0 +1,35 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ - vojtapolasek -+ -+title: 'DRAFT - ANSSI-BP-028 (minimal)' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: -+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system -+ -+selections: -+ - anssi:all:minimal -+ # Following are incompatible with the rhel9 product -+ - '!cracklib_accounts_password_pam_minlen' -+ - '!accounts_passwords_pam_tally2_deny_root' -+ - '!accounts_passwords_pam_tally2' -+ - '!cracklib_accounts_password_pam_ucredit' -+ - '!cracklib_accounts_password_pam_dcredit' -+ - '!cracklib_accounts_password_pam_lcredit' -+ - '!cracklib_accounts_password_pam_ocredit' -+ - '!accounts_passwords_pam_tally2_unlock_time' -+ - '!ensure_oracle_gpgkey_installed' -+ - '!security_patches_up_to_date' -diff --git a/products/almalinux10/profiles/cis.profile b/products/almalinux10/profiles/cis.profile -new file mode 100644 -index 000000000..e57b9c5a0 ---- /dev/null -+++ b/products/almalinux10/profiles/cis.profile -@@ -0,0 +1,17 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ -+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ -+ -+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Server' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is based on the CIS AlmaLinux 9 profile, because an equivalent policy for AlmaLinux 10 didn't yet -+ exist at time of the release. -+ -+selections: -+ - cis_rhel10:all:l2_server -diff --git a/products/almalinux10/profiles/cis_server_l1.profile b/products/almalinux10/profiles/cis_server_l1.profile -new file mode 100644 -index 000000000..9385f5423 ---- /dev/null -+++ b/products/almalinux10/profiles/cis_server_l1.profile -@@ -0,0 +1,17 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ -+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ -+ -+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Server' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is based on the CIS AlmaLinux 9 profile, because an equivalent policy for AlmaLinux 10 didn't yet -+ exist at time of the release. -+ -+selections: -+ - cis_rhel10:all:l1_server -diff --git a/products/almalinux10/profiles/cis_workstation_l1.profile b/products/almalinux10/profiles/cis_workstation_l1.profile -new file mode 100644 -index 000000000..ab27160ef ---- /dev/null -+++ b/products/almalinux10/profiles/cis_workstation_l1.profile -@@ -0,0 +1,17 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ -+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ -+ -+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Workstation' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is based on the CIS AlmaLinux 9 profile, because an equivalent policy for AlmaLinux 10 didn't yet -+ exist at time of the release. -+ -+selections: -+ - cis_rhel10:all:l1_workstation -diff --git a/products/almalinux10/profiles/cis_workstation_l2.profile b/products/almalinux10/profiles/cis_workstation_l2.profile -new file mode 100644 -index 000000000..99c4aca70 ---- /dev/null -+++ b/products/almalinux10/profiles/cis_workstation_l2.profile -@@ -0,0 +1,17 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - marcusburghardt -+ -+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ -+ -+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Workstation' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is based on the CIS AlmaLinux 9 profile, because an equivalent policy for AlmaLinux 10 didn't yet -+ exist at time of the release. -+ -+selections: -+ - cis_rhel10:all:l2_workstation -diff --git a/products/almalinux10/profiles/e8.profile b/products/almalinux10/profiles/e8.profile -new file mode 100644 -index 000000000..a94b5f969 ---- /dev/null -+++ b/products/almalinux10/profiles/e8.profile -@@ -0,0 +1,45 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ - tjbutt58 -+ -+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers -+ -+title: 'DRAFT - Australian Cyber Security Centre (ACSC) Essential Eight' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ -+ This draft profile contains configuration checks for AlmaLinux 10 -+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight. -+ -+ A copy of the Essential Eight in Linux Environments guide can be found at the -+ ACSC website: -+ -+ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers -+ -+selections: -+ - e8:all -+ # audit-audispd-plugins package does not exist in RHEL 10 (based on RHEL 9) -+ # use only package_audispd-plugins_installed -+ - '!package_audit-audispd-plugins_installed' -+ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions. -+ # https://github.com/ComplianceAsCode/content/issues/11285 -+ - '!rpm_verify_permissions' -+ - '!package_talk_removed' -+ - '!package_talk-server_removed' -+ - '!package_ypbind_removed' -+ - '!package_audit-audispd-plugins_installed' -+ - '!set_ipv6_loopback_traffic' -+ - '!set_loopback_traffic' -+ - '!service_ntpd_enabled' -+ - '!package_ypserv_removed' -+ - '!package_ypbind_removed' -+ - '!package_talk_removed' -+ - '!package_talk-server_removed' -+ - '!package_xinetd_removed' -+ - '!package_rsh_removed' -+ - '!package_rsh-server_removed' -+ - '!security_patches_up_to_date' -diff --git a/products/almalinux10/profiles/hipaa.profile b/products/almalinux10/profiles/hipaa.profile -new file mode 100644 -index 000000000..490b2f5ab ---- /dev/null -+++ b/products/almalinux10/profiles/hipaa.profile -@@ -0,0 +1,46 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - jjaswanson4 -+ -+reference: https://www.hhs.gov/hipaa/for-professionals/index.html -+ -+title: 'DRAFT - Health Insurance Portability and Accountability Act (HIPAA)' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ -+ The HIPAA Security Rule establishes U.S. national standards to protect individuals’ -+ electronic personal health information that is created, received, used, or -+ maintained by a covered entity. The Security Rule requires appropriate -+ administrative, physical and technical safeguards to ensure the -+ confidentiality, integrity, and security of electronic protected health -+ information. -+ -+ This draft profile configures AlmaLinux 10 to the HIPAA Security -+ Rule identified for securing of electronic protected health information. -+ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s). -+ -+selections: -+ - hipaa:all -+ - '!coreos_disable_interactive_boot' -+ - '!coreos_audit_option' -+ - '!coreos_nousb_kernel_argument' -+ - '!coreos_enable_selinux_kernel_argument' -+ - '!ensure_suse_gpgkey_installed' -+ - '!ensure_fedora_gpgkey_installed' -+ - '!grub2_uefi_admin_username' -+ - '!grub2_uefi_pass' -+ - '!service_zebra_disabled' -+ - '!package_talk-server_removed' -+ - '!package_talk_removed' -+ - '!sshd_use_approved_macs' -+ - '!sshd_use_approved_ciphers' -+ - '!accounts_passwords_pam_tally2' -+ - '!package_audit-audispd-plugins_installed' -+ - '!package_ypserv_removed' -+ - '!package_ypbind_removed' -+ - '!package_xinetd_removed' -+ - '!package_rsh_removed' -+ - '!package_rsh-server_removed' -diff --git a/products/almalinux10/profiles/ism_o.profile b/products/almalinux10/profiles/ism_o.profile -new file mode 100644 -index 000000000..9054adfeb ---- /dev/null -+++ b/products/almalinux10/profiles/ism_o.profile -@@ -0,0 +1,30 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ - wcushen -+ - eliseelk -+ - sashperso -+ - anjuskantha -+ -+reference: https://www.cyber.gov.au/ism -+ -+title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Base' -+ -+description: |- -+ This draft profile contains configuration checks for AlmaLinux 10 -+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). -+ -+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning -+ AlmaLinux security controls with the ISM, which can be used to select controls -+ specific to an organisation's security posture and risk profile. -+ -+ A copy of the ISM can be found at the ACSC website: -+ -+ https://www.cyber.gov.au/ism -+ -+extends: e8 -+ -+selections: -+ - ism_o:all:base -diff --git a/products/almalinux10/profiles/ism_o_secret.profile b/products/almalinux10/profiles/ism_o_secret.profile -new file mode 100644 -index 000000000..b95f4826f ---- /dev/null -+++ b/products/almalinux10/profiles/ism_o_secret.profile -@@ -0,0 +1,32 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ - wcushen -+ - eliseelk -+ - sashperso -+ - anjuskantha -+ -+reference: https://www.cyber.gov.au/ism -+ -+title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Secret' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ -+ This draft profile contains configuration checks for AlmaLinux 10 -+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). -+ -+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning -+ AlmaLinux security controls with the ISM, which can be used to select controls -+ specific to an organisation's security posture and risk profile. -+ -+ A copy of the ISM can be found at the ACSC website: -+ -+ https://www.cyber.gov.au/ism -+ -+extends: e8 -+ -+selections: -+ - ism_o:all:secret -diff --git a/products/almalinux10/profiles/ism_o_top_secret.profile b/products/almalinux10/profiles/ism_o_top_secret.profile -new file mode 100644 -index 000000000..a9e2ace05 ---- /dev/null -+++ b/products/almalinux10/profiles/ism_o_top_secret.profile -@@ -0,0 +1,30 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ - wcushen -+ - eliseelk -+ - sashperso -+ - anjuskantha -+ -+reference: https://www.cyber.gov.au/ism -+ -+title: 'DRAFT - Australian Cyber Security Centre (ACSC) ISM Official - Top Secret' -+ -+description: |- -+ This draft profile contains configuration checks for AlmaLinux 10 -+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). -+ -+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning -+ AlmaLinux security controls with the ISM, which can be used to select controls -+ specific to an organisation's security posture and risk profile. -+ -+ A copy of the ISM can be found at the ACSC website: -+ -+ https://www.cyber.gov.au/ism -+ -+extends: e8 -+ -+selections: -+ - ism_o:all:top_secret -diff --git a/products/almalinux10/profiles/ospp.profile b/products/almalinux10/profiles/ospp.profile -new file mode 100644 -index 000000000..33ba7ea5b ---- /dev/null -+++ b/products/almalinux10/profiles/ospp.profile -@@ -0,0 +1,24 @@ -+documentation_complete: false -+ -+metadata: -+ version: 4.3 -+ SMEs: -+ - ggbecker -+ - matusmarhefka -+ -+reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=469&id=469 -+ -+title: 'DRAFT - Protection Profile for General Purpose Operating Systems' -+ -+description: |- -+ This is draft profile is based on the Red Hat Enterprise Linux 9 Common Criteria Guidance as -+ guidance for Red Hat Enterprise Linux 10 was not available at the time of release. -+ -+ -+ Where appropriate, CNSSI 1253 or DoD-specific values are used for -+ configuration, based on Configuration Annex to the OSPP. -+ -+selections: -+ - ospp:all -+ - '!package_screen_installed' -+ - '!package_dnf-plugin-subscription-manager_installed' -diff --git a/products/almalinux10/profiles/pci-dss.profile b/products/almalinux10/profiles/pci-dss.profile -new file mode 100644 -index 000000000..1f958e6f0 ---- /dev/null -+++ b/products/almalinux10/profiles/pci-dss.profile -@@ -0,0 +1,72 @@ -+documentation_complete: true -+ -+metadata: -+ version: '4.0' -+ SMEs: -+ - marcusburghardt -+ - mab879 -+ - vojtapolasek -+ -+reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf -+ -+title: 'DRAFT - PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 10' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ -+ Payment Card Industry - Data Security Standard (PCI-DSS) is a set of -+ security standards designed to ensure the secure handling of payment card -+ data, with the goal of preventing data breaches and protecting sensitive -+ financial information. -+ -+ This draft profile ensures Red Hat Enterprise Linux 10 is configured in alignment -+ with PCI-DSS v4.0 requirements. -+ -+selections: -+ - pcidss_4:all -+ # audit-audispd-plugins package does not exist in RHEL 10 (based on RHEL 9) -+ # use only package_audispd-plugins_installed -+ - '!package_audit-audispd-plugins_installed' -+ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions. -+ # https://github.com/ComplianceAsCode/content/issues/11285 -+ - '!rpm_verify_permissions' -+ # these rules do not apply to RHEL 10 -+ - '!package_audit-audispd-plugins_installed' -+ - '!service_ntp_enabled' -+ - '!ntpd_specify_remote_server' -+ - '!ntpd_specify_multiple_servers' -+ - '!set_ipv6_loopback_traffic' -+ - '!set_loopback_traffic' -+ - '!service_ntpd_enabled' -+ - '!package_ypserv_removed' -+ - '!package_ypbind_removed' -+ - '!package_talk_removed' -+ - '!package_talk-server_removed' -+ - '!package_xinetd_removed' -+ - '!package_rsh_removed' -+ - '!package_rsh-server_removed' -+ # Following are incompatible with the rhel10 product (based on RHEL9) -+ - '!service_chronyd_or_ntpd_enabled' -+ - '!install_PAE_kernel_on_x86-32' -+ - '!mask_nonessential_services' -+ - '!aide_periodic_checking_systemd_timer' -+ - '!nftables_ensure_default_deny_policy' -+ - '!cracklib_accounts_password_pam_lcredit' -+ - '!file_owner_at_allow' -+ - '!ensure_firewall_rules_for_open_ports' -+ - '!cracklib_accounts_password_pam_retry' -+ - '!gnome_gdm_disable_guest_login' -+ - '!sshd_use_strong_kex' -+ - '!sshd_use_approved_macs' -+ - '!permissions_local_var_log' -+ - '!sshd_use_approved_ciphers' -+ - '!accounts_passwords_pam_tally2' -+ - '!ensure_suse_gpgkey_installed' -+ - '!gnome_gdm_disable_unattended_automatic_login' -+ - '!accounts_passwords_pam_tally2_unlock_time' -+ - '!cracklib_accounts_password_pam_minlen' -+ - '!set_password_hashing_algorithm_commonauth' -+ - '!cracklib_accounts_password_pam_dcredit' -+ - '!ensure_shadow_group_empty' -+ - '!service_timesyncd_enabled' -+ - '!security_patches_up_to_date' -diff --git a/products/almalinux10/profiles/stig.profile b/products/almalinux10/profiles/stig.profile -new file mode 100644 -index 000000000..1cb3caa2f ---- /dev/null -+++ b/products/almalinux10/profiles/stig.profile -@@ -0,0 +1,22 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - mab879 -+ -+ -+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux -+ -+title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is not based on the DISA STIG for RHEL 10, because it was not available at time of -+ the release. -+ -+ In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this -+ configuration baseline as applicable to the operating system tier of -+ Red Hat technologies that are based on Red Hat Enterprise Linux 10. -+ -+selections: -+ - srg_gpos:all -diff --git a/products/almalinux10/profiles/stig_gui.profile b/products/almalinux10/profiles/stig_gui.profile -new file mode 100644 -index 000000000..609256d19 ---- /dev/null -+++ b/products/almalinux10/profiles/stig_gui.profile -@@ -0,0 +1,34 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - mab879 -+ -+ -+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux -+ -+title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10' -+ -+description: |- -+ This is a draft profile for experimental purposes. -+ It is not based on the DISA STIG for RHEL 10, because it was not available at time of -+ the release. -+ -+ In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this -+ configuration baseline as applicable to the operating system tier of -+ Red Hat technologies that are based on Red Hat Enterprise Linux 10. -+ -+extends: stig -+ -+selections: -+ - '!xwindows_remove_packages' -+ -+ - '!xwindows_runlevel_target' -+ -+ - '!package_nfs-utils_removed' -+ -+ # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese -+ # https://issues.redhat.com/browse/RHEL-10416 -+ - '!sysctl_user_max_user_namespaces' -+ # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant -+ - '!logind_session_timeout' -diff --git a/products/almalinux10/transforms/constants.xslt b/products/almalinux10/transforms/constants.xslt -new file mode 100644 -index 000000000..707f9f2aa ---- /dev/null -+++ b/products/almalinux10/transforms/constants.xslt -@@ -0,0 +1,13 @@ -+ -+ -+ -+ -+AlmaLinux 10 -+AL10 -+AL_10_STIG -+almalinux10 -+ -+https://www.cisecurity.org/benchmark/almalinuxos_linux/ -+ -+ -+ -diff --git a/products/almalinux10/transforms/table-style.xslt b/products/almalinux10/transforms/table-style.xslt -new file mode 100644 -index 000000000..8b6caeab8 ---- /dev/null -+++ b/products/almalinux10/transforms/table-style.xslt -@@ -0,0 +1,5 @@ -+ -+ -+ -+ -+ -diff --git a/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt -new file mode 100644 -index 000000000..4789419b8 ---- /dev/null -+++ b/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt -@@ -0,0 +1,8 @@ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/products/almalinux10/transforms/xccdf2table-cce.xslt b/products/almalinux10/transforms/xccdf2table-cce.xslt -new file mode 100644 -index 000000000..f156a6695 ---- /dev/null -+++ b/products/almalinux10/transforms/xccdf2table-cce.xslt -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt -new file mode 100644 -index 000000000..30419e92b ---- /dev/null -+++ b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/shared/checks/oval/installed_OS_is_almalinux10.xml b/shared/checks/oval/installed_OS_is_almalinux10.xml -new file mode 100644 -index 000000000..f7b8ffe04 ---- /dev/null -+++ b/shared/checks/oval/installed_OS_is_almalinux10.xml -@@ -0,0 +1,36 @@ -+ -+ -+ -+ AlmaLinux 10 -+ -+ multi_platform_all -+ -+ -+ -+ The operating system installed on the system is -+ AlmaLinux 10 -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ ^10.*$ -+ -+ -+ ^almalinux.*-release -+ -+ -+ -diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -index 14a64dbbd..21d46b509 100644 ---- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -@@ -14,6 +14,7 @@ - multi_platform_ol - multi_platform_rhcos - multi_platform_rhel -+multi_platform_almalinux - multi_platform_rhv - multi_platform_sle - multi_platform_slmicro5 -diff --git a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -index 1d087be21..306818938 100644 ---- a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -+++ b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -@@ -934,7 +934,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us - $ sudo grep -iw grub2_password /boot/grub2/user.cfg - GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] - --If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. -+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -946,7 +946,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not - - Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: - --$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg -+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg - GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] - - If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. -@@ -1838,7 +1838,7 @@ On BIOS-based machines, use the following command: - - On UEFI-based machines, use the following command: - --# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg -+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg - - If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: - -@@ -1869,7 +1869,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm - - If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: - --Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. -+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. - - # grep fips /boot/grub2/grub.cfg - /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet -@@ -1941,23 +1941,23 @@ An example rule that includes the "sha512" rule follows: - - If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. - --Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. -+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. - - Check for the existence of alternate boot loader configuration files with the following command: - - # find / -name grub.cfg -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - --If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. -+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. - - List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems): - -- # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg -+ # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg - 4 - - Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored): - -- # grep 'set root' /boot/efi/EFI/redhat/grub.cfg -+ # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg - set root='hd0,gpt2' - set root='hd0,gpt2' - set root='hd0,gpt2' -@@ -4481,12 +4481,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD} - - Generate a new grub.cfg file with the following command: - --$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfgFor systems that use BIOS, this is Not Applicable. -+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. - - For systems that are running a version of Oracle Linux prior to 7.2, this is Not Applicable. - Verify that a unique name is set as the "superusers" account: - --$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg -+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg - set superusers="[someuniquestringhere]" - export superusers - -diff --git a/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml -index eb33a0297..deb9b8ec3 100644 ---- a/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml -+++ b/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml -@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. -+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -435,7 +435,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. -+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. - - Verify that a unique name is set as the "superusers" account: - --$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg -+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg - set superusers="[someuniqueUserNamehere]" - export superusers - -diff --git a/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml -index 2bb4af3b9..3b4e256f4 100644 ---- a/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml -+++ b/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml -@@ -2584,7 +2584,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 - 2921 - - CCI-000213 -- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. -+ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -10400,11 +10400,11 @@ Passwords need to be protected at all times, and encryption is the standard meth - - If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. - -- -- -+ -+ - -- -- -+ -+ - - - -@@ -11040,7 +11040,7 @@ Configuration settings are the set of parameters that can be changed in hardware - The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. - - -- -+ - - - -@@ -14645,15 +14645,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi - - - -- -+ - - - -- -+ - - - -- -+ - - - -@@ -16481,18 +16481,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi - ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b - 1 - -- -- /boot/efi/EFI/redhat/grub.cfg -+ -+ /boot/efi/EFI/almalinux/grub.cfg - ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$ - 1 - -- -- /boot/efi/EFI/redhat/user.cfg -+ -+ /boot/efi/EFI/almalinux/user.cfg - ^\s*GRUB2_PASSWORD=(\S+)\b - 1 - -- -- /boot/efi/EFI/redhat/grub.cfg -+ -+ /boot/efi/EFI/almalinux/grub.cfg - - - /boot/grub2/grub.cfg -diff --git a/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -index 89b69d69d..cf9365113 100644 ---- a/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -+++ b/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -@@ -374,7 +374,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. -+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -384,7 +384,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. -+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. - - Verify that a unique name is set as the "superusers" account: - --$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg -+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg - set superusers="[someuniquestringhere]" - export superusers - -diff --git a/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -index c14013393..fe7d48d2c 100644 ---- a/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -+++ b/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -@@ -20991,7 +20991,7 @@ include "/etc/crypto-policies/back-ends/bind.config"; - - - -- -+ - - - -@@ -29178,7 +29178,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 - - - -- -+ - - - -@@ -33049,7 +33049,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 - 1 - - -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - - - /etc/grub2-efi.cfg -diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template -index 5a686b0b2..74a7d8c30 100644 ---- a/shared/templates/audit_rules_dac_modification/ansible.template -+++ b/shared/templates/audit_rules_dac_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template -index daee70210..ae6608360 100644 ---- a/shared/templates/audit_rules_dac_modification/bash.template -+++ b/shared/templates/audit_rules_dac_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template -index 33b29b977..cbee8fdf7 100644 ---- a/shared/templates/audit_rules_file_deletion_events/ansible.template -+++ b/shared/templates/audit_rules_file_deletion_events/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template -index b3eab4edb..da237aa3d 100644 ---- a/shared/templates/audit_rules_file_deletion_events/bash.template -+++ b/shared/templates/audit_rules_file_deletion_events/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template -index e62981561..4f8c1b6e5 100644 ---- a/shared/templates/audit_rules_login_events/ansible.template -+++ b/shared/templates/audit_rules_login_events/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template -index e3c55b43a..0a13eabe8 100644 ---- a/shared/templates/audit_rules_login_events/bash.template -+++ b/shared/templates/audit_rules_login_events/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - -diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template -index 68b43b439..9d9ce2fad 100644 ---- a/shared/templates/audit_rules_path_syscall/ansible.template -+++ b/shared/templates/audit_rules_path_syscall/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template -index 332c87def..cdcf6352c 100644 ---- a/shared/templates/audit_rules_path_syscall/bash.template -+++ b/shared/templates/audit_rules_path_syscall/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template -index 0e2a29c80..a78d71da2 100644 ---- a/shared/templates/audit_rules_privileged_commands/ansible.template -+++ b/shared/templates/audit_rules_privileged_commands/ansible.template -@@ -1,7 +1,7 @@ - {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x=" -F perm=x" %}} - {{%- endif %}} --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh -index 316171011..aba627753 100644 ---- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh -+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - # packages = audit - - source common.sh -diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh -index 1cad34338..55c65dbe2 100644 ---- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh -+++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - - source common.sh - -diff --git a/shared/templates/audit_rules_syscall_events/ansible.template b/shared/templates/audit_rules_syscall_events/ansible.template -index 16dec9827..5e953196e 100644 ---- a/shared/templates/audit_rules_syscall_events/ansible.template -+++ b/shared/templates/audit_rules_syscall_events/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template -index bd5bb94cb..d1f68626a 100644 ---- a/shared/templates/audit_rules_syscall_events/bash.template -+++ b/shared/templates/audit_rules_syscall_events/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -index 9beb65537..e6da688f0 100644 ---- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -+++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -index b18223c98..e82de6427 100644 ---- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -+++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian - - # First perform the remediation of the syscall rule - # Retrieve hardware architecture of the underlying system -diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template -index 0ffb15ba1..a7ee3c41d 100644 ---- a/shared/templates/audit_rules_usergroup_modification/ansible.template -+++ b/shared/templates/audit_rules_usergroup_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template -index a573b6a1b..7011157d8 100644 ---- a/shared/templates/grub2_bootloader_argument/ansible.template -+++ b/shared/templates/grub2_bootloader_argument/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian - # reboot = true - # strategy = restrict - # complexity = medium -diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template -index 7a7ba6899..ac12c1878 100644 ---- a/shared/templates/grub2_bootloader_argument/bash.template -+++ b/shared/templates/grub2_bootloader_argument/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian - {{# - See the OVAL template for more comments. - Product-specific categorization should be synced across all template content types -diff --git a/shared/templates/grub2_bootloader_argument/blueprint.template b/shared/templates/grub2_bootloader_argument/blueprint.template -index 7e9ea909e..152f27303 100644 ---- a/shared/templates/grub2_bootloader_argument/blueprint.template -+++ b/shared/templates/grub2_bootloader_argument/blueprint.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - {{%- if ARG_VARIABLE %}} - {{%- set ARG_NAME_VALUE = ARG_NAME ~ "=(blueprint-populate " ~ ARG_VARIABLE ~ ")" -%}} - {{%- endif %}} -diff --git a/shared/templates/grub2_bootloader_argument/kickstart.template b/shared/templates/grub2_bootloader_argument/kickstart.template -index c5051bcf7..846c0e661 100644 ---- a/shared/templates/grub2_bootloader_argument/kickstart.template -+++ b/shared/templates/grub2_bootloader_argument/kickstart.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = true - # strategy = restrict - # complexity = medium -diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh -index b594abe6d..bac3e9fc6 100644 ---- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh -+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - {{%- if 'ubuntu' in product %}} - # packages = grub2 - {{%- else %}} -diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh -index c6d5b6b1b..cd30da7ac 100644 ---- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh -+++ b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora -+# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_fedora - # packages = grub2,grubby - {{%- if ARG_VARIABLE %}} - # variables = {{{ ARG_VARIABLE }}}=correct_value -diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh -index f43aa99c4..9327235a9 100644 ---- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh -+++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora -+# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_fedora - # packages = grub2,grubby - - source common.sh -diff --git a/shared/templates/grub2_bootloader_argument_absent/ansible.template b/shared/templates/grub2_bootloader_argument_absent/ansible.template -index 51fc98b7a..c6b147d87 100644 ---- a/shared/templates/grub2_bootloader_argument_absent/ansible.template -+++ b/shared/templates/grub2_bootloader_argument_absent/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = medium -diff --git a/shared/templates/grub2_bootloader_argument_absent/bash.template b/shared/templates/grub2_bootloader_argument_absent/bash.template -index 8d7d6e9ea..18b900e51 100644 ---- a/shared/templates/grub2_bootloader_argument_absent/bash.template -+++ b/shared/templates/grub2_bootloader_argument_absent/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - {{# - See the OVAL template for more comments. - Product-specific categorization should be synced across all template content types -diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh -index fc3db8ccd..a12bef4b2 100644 ---- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh -+++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - # packages = grub2-tools,grubby - - # Adds argument from kernel command line in /etc/default/grub -diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh -index e51f669fd..00a74f76f 100644 ---- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh -+++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux - # packages = grub2-tools,grubby - - # Adds argument with a value from kernel command line in /etc/default/grub -diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh -index 9eda41566..538fca94a 100644 ---- a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh -+++ b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 -+# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10 - # packages = grub2,grubby - - # Ensure the kernel command line for each installed kernel in the bootloader -diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template -index 88e846697..a329cbe76 100644 ---- a/shared/templates/kernel_module_disabled/ansible.template -+++ b/shared/templates/kernel_module_disabled/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template -index df7229bc4..d6dc65bff 100644 ---- a/shared/templates/kernel_module_disabled/bash.template -+++ b/shared/templates/kernel_module_disabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/kernel_module_disabled/kubernetes.template b/shared/templates/kernel_module_disabled/kubernetes.template -index c77cebfbb..2820e9745 100644 ---- a/shared/templates/kernel_module_disabled/kubernetes.template -+++ b/shared/templates/kernel_module_disabled/kubernetes.template -@@ -1,5 +1,5 @@ - --- --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh -index 8a1319eed..fb20c3b4a 100644 ---- a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh -+++ b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu - - echo > /etc/modprobe.d/{{{ KERNMODULE }}}.conf - echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf -diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template -index fdcb4ee3e..0d1d8dc24 100644 ---- a/shared/templates/mount/anaconda.template -+++ b/shared/templates/mount/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template -index 56617467d..3cdacd4db 100644 ---- a/shared/templates/mount/blueprint.template -+++ b/shared/templates/mount/blueprint.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - - [[customizations.filesystem]] - mountpoint = "{{{ MOUNTPOINT }}}" -diff --git a/shared/templates/mount/kickstart.template b/shared/templates/mount/kickstart.template -index fc2bdebd7..3c7833aa7 100644 ---- a/shared/templates/mount/kickstart.template -+++ b/shared/templates/mount/kickstart.template -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - - logvol {{{ MOUNTPOINT }}} {{{ MIN_SIZE_MB }}} -diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template -index 083b0ef00..14f7018a9 100644 ---- a/shared/templates/mount_option/anaconda.template -+++ b/shared/templates/mount_option/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template -index 8665fb913..07cd9e3ad 100644 ---- a/shared/templates/mount_option_removable_partitions/anaconda.template -+++ b/shared/templates/mount_option_removable_partitions/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template -index 0ac55f51f..dd0bcddea 100644 ---- a/shared/templates/package_installed/anaconda.template -+++ b/shared/templates/package_installed/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template -index 65c48d381..ee1e6386d 100644 ---- a/shared/templates/package_installed/bash.template -+++ b/shared/templates/package_installed/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_installed/kickstart.template b/shared/templates/package_installed/kickstart.template -index be0fc1de8..8284a5711 100644 ---- a/shared/templates/package_installed/kickstart.template -+++ b/shared/templates/package_installed/kickstart.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template -index 489f9bb0f..0120d927c 100644 ---- a/shared/templates/package_removed/anaconda.template -+++ b/shared/templates/package_removed/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template -index 486ebbbdc..963412bac 100644 ---- a/shared/templates/package_removed/kickstart.template -+++ b/shared/templates/package_removed/kickstart.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh -index 67c1b593b..74bb77abe 100644 ---- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh -+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # variables = var_accounts_passwords_pam_faillock_deny=3 - -diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh -index e3ec96da0..56c6b75f3 100644 ---- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh -+++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # packages = authselect - # remediation = none - # variables = var_accounts_passwords_pam_faillock_deny=3 -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh -index 0fa452ba0..8e9abbe3a 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh -index 54804685b..1c4b4f3e1 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh -index 1ba8e0cda..02f0e77e9 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh -index 321df77d9..756bdb524 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh -index dc362ae00..36867bb2b 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh -index 4aef9fb84..0b7cbcd5f 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh -index 203f640f5..a127500e8 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh -index f623b6be4..8d4399023 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh -index c825c0b08..746d6dfa4 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh -index a8e723bee..a1e6b245c 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh -index d3f639a2b..b5d757274 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh -index d3be7ffc3..5b4b11307 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh -index c1c5758d8..3e7441a4a 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh -index 3d3bbbd8e..ae10153cd 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh -index 868318728..d744d549d 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh -index 96e9ddaf3..8c8a59a3a 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh -index ec9296694..6bd64894b 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh -index 9dcbe0c2e..b7f6323c9 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh -index dc9ea0eef..9c6694804 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh -index 6acb37ad7..d235e6249 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh -index abdb09c48..9cc24d061 100755 ---- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh -+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle - - # Declare variables used for the tests and define the create_rsyslog_test_logs function - source $SHARED/rsyslog_log_utils.sh -diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template -index a17337508..1e9769b17 100644 ---- a/shared/templates/sebool/ansible.template -+++ b/shared/templates/sebool/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template -index 7bc1bd15d..b5534afd7 100644 ---- a/shared/templates/sebool/bash.template -+++ b/shared/templates/sebool/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template -index c8b6826b2..6bbb8eb2a 100644 ---- a/shared/templates/service_disabled/bash.template -+++ b/shared/templates/service_disabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/service_disabled/kickstart.template b/shared/templates/service_disabled/kickstart.template -index d1e39ae29..7ecd5523e 100644 ---- a/shared/templates/service_disabled/kickstart.template -+++ b/shared/templates/service_disabled/kickstart.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template -index 1ab456524..724e7b779 100644 ---- a/shared/templates/service_disabled/kubernetes.template -+++ b/shared/templates/service_disabled/kubernetes.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template -index 00fd1ee2f..2d99ec854 100644 ---- a/shared/templates/service_enabled/bash.template -+++ b/shared/templates/service_enabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/service_enabled/kickstart.template b/shared/templates/service_enabled/kickstart.template -index 451af774a..27ac615a2 100644 ---- a/shared/templates/service_enabled/kickstart.template -+++ b/shared/templates/service_enabled/kickstart.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh -index 7db352eda..0c07614e5 100644 ---- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh -+++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu -+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_ubuntu - - source common.sh - -diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh -index e0cd64de1..2b87db594 100644 ---- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh -+++ b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu -+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_ubuntu - - mkdir -p /etc/ssh/sshd_config.d - touch /etc/ssh/sshd_config.d/nothing -diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh -index fd2cfeb10..d43541136 100644 ---- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh -+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu -+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_ubuntu - - SSHD_PARAM={{{ PARAMETER }}} - SSHD_VAL={{{ VALUE }}} -diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh -index 2322e1d7c..c727f8d43 100644 ---- a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh -+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu -+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_ubuntu - - SSHD_PARAM={{{ PARAMETER }}} - SSHD_VAL={{{ VALUE }}} -diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh -index 1810d779a..802e6f5c3 100644 ---- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh -+++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu -+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux 10,multi_platform_ubuntu - - SSHD_PARAM={{{ PARAMETER }}} - SSHD_VAL="bad_val" -diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template -index 887adae43..b4395c5a7 100644 ---- a/shared/templates/sysctl/bash.template -+++ b/shared/templates/sysctl/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/systemd_mount_enabled/anaconda.template b/shared/templates/systemd_mount_enabled/anaconda.template -index 42ec0778d..475010b6a 100644 ---- a/shared/templates/systemd_mount_enabled/anaconda.template -+++ b/shared/templates/systemd_mount_enabled/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/ssg/constants.py b/ssg/constants.py -index 7f8910743..9d5b185e6 100644 ---- a/ssg/constants.py -+++ b/ssg/constants.py -@@ -40,6 +40,7 @@ SSG_REF_URIS = { - product_directories = [ - 'alinux2', - 'alinux3', -+ 'almalinux10', - 'anolis8', - 'anolis23', - 'al2023', -@@ -201,6 +202,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { - FULL_NAME_TO_PRODUCT_MAPPING = { - "Alibaba Cloud Linux 2": "alinux2", - "Alibaba Cloud Linux 3": "alinux3", -+ "AlmaLinux 10": "almalinux10", - "Anolis OS 8": "anolis8", - "Anolis OS 23": "anolis23", - "Amazon Linux 2023": "al2023", -@@ -281,7 +283,7 @@ REFERENCES = dict( - ) - - --MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", -+MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu", - "openeuler", - "opensuse", "sle", "ol", "ocp", "rhcos", - "example", "eks", "alinux", "uos", "anolis", "openembedded", "al", -@@ -289,6 +291,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", - - MULTI_PLATFORM_MAPPING = { - "multi_platform_alinux": ["alinux2", "alinux3"], -+ "multi_platform_almalinux": ["almalinux10"], - "multi_platform_anolis": ["anolis8", "anolis23"], - "multi_platform_debian": ["debian11", "debian12"], - "multi_platform_example": ["example"], -@@ -413,6 +416,7 @@ XCCDF_PLATFORM_TO_PACKAGE = { - # _version_name_map = { - MAKEFILE_ID_TO_PRODUCT_MAP = { - 'alinux': 'Alibaba Cloud Linux', -+ 'almalinux': 'AlmaLinux', - 'anolis': 'Anolis OS', - 'chromium': 'Google Chromium Browser', - 'fedora': 'Fedora', -diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml -index ff0b30f03..0116294f1 100644 ---- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml -+++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml -index 1c1560a86..fc86b614e 100644 ---- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml -+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh -index 10ecee505..3d3098f4e 100644 ---- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh -+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh -index 5a2bc1005..c3dfe6dce 100644 ---- a/tests/unit/ssg_test_suite/data/correct.pass.sh -+++ b/tests/unit/ssg_test_suite/data/correct.pass.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - # packages = sudo,authselect --# platform = multi_platform_rhel,Fedora -+# platform = multi_platform_rhel,multi_platform_almalinux,Fedora - # profiles = xccdf_org.ssgproject.content_profile_cis - # check = oval - # remediation = none diff --git a/files/scap-security-guide-add-almalinux10-product.patch b/files/scap-security-guide-add-almalinux10-product.patch new file mode 100644 index 0000000..4313eae --- /dev/null +++ b/files/scap-security-guide-add-almalinux10-product.patch @@ -0,0 +1,5454 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index a31014247..378b66c5a 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -90,7 +90,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + option(SSG_PRODUCT_AL2023 "If enabled, the Amazon Linux 2023 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +-option(SSG_PRODUCT_ALMALINUX9 "If enabled, the AlmaLinux OS 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ALMALINUX10 "If enabled, the AlmaLinux OS 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -328,7 +328,7 @@ message(STATUS "Products:") + message(STATUS "Amazon Linux 2023: ${SSG_PRODUCT_AL2023}") + message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") + message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") +-message(STATUS "AlmaLinux OS 9: ${SSG_PRODUCT_ALMALINUX9}") ++message(STATUS "AlmaLinux OS 10: ${SSG_PRODUCT_ALMALINUX10}") + message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") + message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") +@@ -394,8 +394,8 @@ endif() + if(SSG_PRODUCT_ALINUX3) + add_subdirectory("products/alinux3" "alinux3") + endif() +-if(SSG_PRODUCT_ALMALINUX9) +- add_subdirectory("products/almalinux9" "almalinux9") ++if(SSG_PRODUCT_ALMALINUX10) ++ add_subdirectory("products/almalinux10" "almalinux10") + endif() + if(SSG_PRODUCT_ANOLIS8) + add_subdirectory("products/anolis8" "anolis8") +diff --git a/build_product b/build_product +index 90b25237e..4e4ffe3d9 100755 +--- a/build_product ++++ b/build_product +@@ -364,7 +364,7 @@ all_cmake_products=( + AL2023 + ALINUX2 + ALINUX3 +- ALMALINUX9 ++ ALMALINUX10 + ANOLIS23 + ANOLIS8 + CHROMIUM +diff --git a/controls/anssi.yml b/controls/anssi.yml +index 86b84a044..2d04a7814 100644 +--- a/controls/anssi.yml ++++ b/controls/anssi.yml +@@ -806,10 +806,8 @@ controls: + ANSSI doesn't specify the length of the inactivity period, we are choosing 10 minutes as reasonable number. + status: automated + rules: +- {{% if "rhel" in product or "ol" in families %}} + - logind_session_timeout + - var_logind_session_timeout=10_minutes +- {{% endif %}} + - accounts_tmout + - var_accounts_tmout=10_min + +@@ -1246,7 +1244,7 @@ controls: + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_oracle_gpgkey_installed + - ensure_almalinux_gpgkey_installed + +@@ -1298,10 +1296,6 @@ controls: + - package_rsh_removed + - package_rsh-server_removed + - package_sendmail_removed +- {{%- if "rhel" not in product %}} +- - package_talk_removed +- - package_talk-server_removed +- {{%- endif %}} + - package_telnet_removed + - package_telnet-server_removed + - package_tftp_removed +diff --git a/controls/cis_almalinux9.yml b/controls/cis_almalinux9.yml +index 4591f52c6..670d0b14f 100644 +--- a/controls/cis_almalinux9.yml ++++ b/controls/cis_almalinux9.yml +@@ -360,7 +360,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml +index 8a3fd6b86..e1a46a905 100644 +--- a/controls/cis_rhel10.yml ++++ b/controls/cis_rhel10.yml +@@ -303,7 +303,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml +index 05152b5b8..fa73354e0 100644 +--- a/controls/cis_rhel8.yml ++++ b/controls/cis_rhel8.yml +@@ -353,7 +353,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml +index 017acb8d4..d97bb7c0b 100644 +--- a/controls/cis_rhel9.yml ++++ b/controls/cis_rhel9.yml +@@ -360,7 +360,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/e8.yml b/controls/e8.yml +index dac6a8c85..640cd37c0 100644 +--- a/controls/e8.yml ++++ b/controls/e8.yml +@@ -24,7 +24,7 @@ controls: + - service_avahi-daemon_disabled + - package_squid_removed + - service_squid_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_globally_activated +diff --git a/controls/hipaa.yml b/controls/hipaa.yml +index 27895b700..a34683373 100644 +--- a/controls/hipaa.yml ++++ b/controls/hipaa.yml +@@ -167,7 +167,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + status: automated +@@ -1388,7 +1388,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + status: automated +@@ -1419,7 +1419,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + status: automated +@@ -1439,7 +1439,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + status: automated +@@ -1720,7 +1720,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + status: automated +diff --git a/controls/ospp.yml b/controls/ospp.yml +index 505f7b2a7..e67bf76d1 100644 +--- a/controls/ospp.yml ++++ b/controls/ospp.yml +@@ -447,7 +447,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: FPT_TUD_EXT.2 +@@ -461,7 +461,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: FPT_TST_EXT.1 +diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml +index 1bdd27a73..111e3a773 100644 +--- a/controls/pcidss_4.yml ++++ b/controls/pcidss_4.yml +@@ -1555,7 +1555,7 @@ controls: + - base + status: automated + rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_almalinux_gpgkey_installed + - ensure_gpgcheck_globally_activated +diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml +index f66299e6f..5448dee70 100644 +--- a/controls/stig_rhel9.yml ++++ b/controls/stig_rhel9.yml +@@ -382,7 +382,7 @@ controls: + - medium + title: RHEL 9 must ensure cryptographic verification of vendor software packages. + rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: RHEL-09-214015 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml +index bdf3015c4..658327033 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +index 7c8e520c1..e5c1d9d93 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +index 639d76a21..7f4d463d6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +index 083a612a0..3228b89b7 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh +index 536e45f3a..6fc5182e2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh +index e1aedcc12..041b3a99a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh +index 19e56d957..62dc263da 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh +index 03066622a..00b22dffc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh +index 5997a0f4b..f8b934477 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh +index 6614a0151..2d8a70c4d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh +index ca6cb501c..6e94b709f 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh +index 4cf3be21b..634990a72 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh +index a943dcd2f..5a5c849c4 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh +index a3feca25d..eb3da476b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh +index 4cee4cfb3..09d901e81 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh +index b15a095da..44c6a0115 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_accounts_passwords_pam_faillock_dir=/var/run/faillock + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +index 48bf48bd2..0c9d7c81e 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +index 5d91bba64..5d53ea73c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +index 92186611b..ee66ac9dc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +index 7e041ef90..1d5b3127b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh +index a6592b8e1..9962409ea 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +index d5c338857..af5946007 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + # augenrules is default for rhel7 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +index 0a16a0c50..8a4e1608a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = audit + # remediation = none +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /tmp/privileged.rules + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh +index adbf71ccf..cac9509dd 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +index 2f01315e0..0fcf5d593 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +index 2c3c6124c..0e5ad3011 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +index ee2c9ce79..cabf11a5b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +index b6fd7bf89..ee7c90bfd 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + # change key of rules for binaries in /usr/sbin +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh +index 6ef31d987..2da0682e0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +index a45b84843..f4e964bc1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + . $SHARED/partition.sh + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh +index 1f42f8652..e2dbd9bd9 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +index e58060ff7..556cd112a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules + echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +index 8f3c02693..0d251f46b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules + echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +index 2dba37605..c9684121a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +index 6c114c13c..5c5f7185c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +index f4fff8181..6c379ca01 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +index 26d02c24e..28daa9106 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +index 889f83178..7896d4cb1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +index 8b2377d44..39c2bba69 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml +index 9c5b7d2eb..cae43ea29 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh +index d0626b7aa..71cc2ea03 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml +index 323a798b1..46fad7416 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +index 336beb2b7..26c47e462 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +index 49c97e395..51f48c0f9 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +index ec76157d4..0f9e9f7cc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +index 3f43030e9..85e9a47c8 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +index 8a58bbc38..1a73014dc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +index 09d4e8ff5..6a8e8bdab 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + groupadd group_test + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +index 6f19e15c6..b1d995c61 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + if grep -iwq "log_file" /etc/audit/auditd.conf; then + FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh +index cf4b02b90..cd69f17c2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + if grep -iwq "log_file" /etc/audit/auditd.conf; then + FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +index 55f407e01..b9084af21 100644 +--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +index b14a9d1ea..74f04b3a8 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml +index f29a4afc6..26ac0688c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml +index 412c67f15..ec1467404 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +index 413293083..3f8c50a39 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml +index 07f1995d3..52c72adfa 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml +@@ -27,7 +27,7 @@ severity: medium + + # on RHEL9 there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml +index 1d08bae3a..3e2300448 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml +index 372b7c27c..4e2ce77e9 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +index f62426900..bd3ddd10a 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml +index 6e54357fb..b1663bbfc 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml +@@ -36,7 +36,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml +index c26dc39be..d32b854fd 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml +index 08c8dc855..e9277f263 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml +index 8f2967b86..706785506 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml +@@ -30,7 +30,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +index dab3d0eaa..620596c44 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml +index fd0c14485..522cd62c6 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml +index 22d3990f0..ed4f8bce8 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml +index 2fb2c25aa..e182781c4 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +index bff04fe4c..a56d7f18f 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml +index de80eee5e..e39913cf3 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml +index 37b8b3676..d1be71273 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml +index a46066d62..731636c7f 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete""" -%}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +index ff5e61676..f7012bed2 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +index 2d9279849..ec6477378 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml +index b3c3f4df7..9c19a1ff9 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml +@@ -36,7 +36,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml +index dae466002..527bc8489 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml +index f07ff3607..62de7826c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +index c6f796967..7a6e545c4 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml +index eb6c21648..dfa82788f 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml +@@ -31,7 +31,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml +index 212ec4ba5..62e1ee6de 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml +index 92310b977..e76e314a6 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +index f8cd8b73d..090554c02 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml +index 4cf215813..fc0b7d504 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml +@@ -27,7 +27,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml +index 231034a9c..460877cec 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +index 96ee57492..09bfe412b 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml +index c40951368..a0c8c7f2c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml +@@ -149,7 +149,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml +index ac946bfe0..7480f574f 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml +index 23940aca3..8775144da 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml +index da5675b52..2ee9f197f 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml +index acad2197a..787a24e43 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml +index c3dc80d3e..2cbe6ab54 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml +index b4d600325..b2e6f4f3c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/services/base/service_kdump_disabled/kickstart/shared.cfg b/linux_os/guide/services/base/service_kdump_disabled/kickstart/shared.cfg +index 166a20b8e..1d95807b6 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/kickstart/shared.cfg ++++ b/linux_os/guide/services/base/service_kdump_disabled/kickstart/shared.cfg +@@ -1,3 +1,3 @@ +-# platform = Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10 + kdump disable + service disable kdump +diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml +index 1e53d881f..a73066e7d 100644 +--- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml ++++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml +@@ -1,4 +1,4 @@ +-{{% if product in [ "ol9", "ol10", "rhel8", "rhel9", "rhel10", "sle12", "sle15"] %}} ++{{% if product in [ "ol9", "ol10", "rhel8", "rhel9", "rhel10", "almalinux10", "sle12", "sle15"] %}} + {{% set package_name = "cronie" %}} + {{% else %}} + {{% set package_name = "cron" %}} +diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml +index 7977cba9f..2eb30f0d2 100644 +--- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml +@@ -1,4 +1,4 @@ +-{{% if product in ["rhel8", "rhel9", "rhel10"] %}} ++{{% if product in ["rhel8", "rhel9", "rhel10", "almalinux10"] %}} + {{% set service_name = "crond" %}} + {{% else %}} + {{% set service_name = "cron" %}} +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml +index a0330236a..89efc61e4 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh +index 001ead7d6..1fc220d8a 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh ++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian + + {{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}} + +diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh +index 4963780f8..c3bc5b0de 100644 +--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh +index fdfe38968..92a468e1e 100644 +--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +index c435df983..b80ffbf7b 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +index c435df983..b80ffbf7b 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +index c435df983..b80ffbf7b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +index a7d291916..c1802d791 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = chrony + # variables = var_time_service_set_maxpoll=16 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +index f6da9d51f..2eeff701b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = chrony + # variables = var_time_service_set_maxpoll=16 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +index c435df983..b80ffbf7b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +index c435df983..b80ffbf7b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +index a66068605..f25b95045 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +index 9e1f01f53..d7d4c2651 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + ###################################################################### + #By Luke "Brisk-OH" Brisk + #luke.brisk@boeing.com or luke.brisk@gmail.com +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +index ca07eef0e..9a56d0833 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel ++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +index c54b259d0..78a682cc8 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel ++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +index 5a97f74df..104b27f3f 100644 +--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh +index 31c4683c8..b03ae1453 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + mkdir -p /etc/ssh/sshd_config.d +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +index 261bbb8ff..b66ad7305 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +@@ -19,7 +19,7 @@ description: |- + Also add or update "pam_sss.so" line in auth section of "/etc/pam.d/smartcard-auth" file to + include the "allow_missing_name" option, like in the following example: + 
/etc/pam.d/smartcard-auth:auth sufficient pam_sss.so allow_missing_name
+- {{% elif product in ["rhel10"] %}}. ++ {{% elif product in ["rhel10", "almalinux10"] %}}. + Ensure you are using the sssd authselect profile with the with-smartcard feature enabled. + {{% endif %}} + +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh +index 20d721658..2a4422daf 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + SSSD_FILE="/etc/sssd/sssd.conf" +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh +index ba800bcea..10d4d2975 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh +index afd575dd8..a76a1a423 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh +index 05ecf8a8a..654864a62 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/conf.d/unused.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh +index 9758d9bda..998600da6 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh +index eb58f3dcf..4e4cc0fa0 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh +index 262abd276..c6f2babd7 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/conf.d/unused.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh +index d3fc7375f..2c189f569 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh +index 456f06484..e6fb4c857 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + SSSD_FILE="/etc/sssd/sssd.conf" + rm -f $SSSD_FILE +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +index e0bdca6be..9ce5132f6 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle ++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + systemctl set-default multi-user.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +index 9ec0cae93..4487412e5 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle ++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +index 3df966d45..25eb0ca24 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle + + systemctl set-default graphical.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +index d3da2f113..a90d73d4b 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle + + ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml +index c2feb1fbc..116c6cde5 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + metadata: +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh +index 6a271415e..db0169ab1 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ncp + # packages = dconf,gdm + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +index 814770179..c8048d4c7 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_stig + # packages = dconf,gdm + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh +index 39efbc8ba..fd836684b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_stig + # packages = dconf,gdm + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh +index 7c4c9bb29..477057df2 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_stig + # packages = dconf,gdm + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh +index 4abed18e2..609a92b7e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + authselect create-profile test_profile -b sssd + authselect select "custom/test_profile" --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh +index 077479b8a..7be653143 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + authselect create-profile test_profile -b sssd + authselect select "custom/test_profile" --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh +index 4abed18e2..609a92b7e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + authselect create-profile test_profile -b sssd + authselect select "custom/test_profile" --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh +index 077479b8a..7be653143 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + authselect create-profile test_profile -b sssd + authselect select "custom/test_profile" --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh +index 2ba38d0ad..bdd471cdc 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + source common.sh + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh +index bcfa1a721..2cb77dd13 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + source common.sh + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh +index 7a6fcb555..8dbcb0b0e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + pam_files=("password-auth" "system-auth") + +diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh +index e82ecb7f5..7386d3217 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Package libpwquality cannot be uninstalled normally + # as it would cause removal of sudo package which is +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +index c61f9b6d5..e7cccaed5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_retry=3 + + source common.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +index 601d32759..bc4453182 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_retry=3 + + source common.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh +index e4f1de0cc..18be59047 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_retry=3 + + source common.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh +index d70521e76..d24de47b6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_retry=3 + + source common.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +index dc7fe32d1..3313d5dea 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_retry=3 + + source common.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh +index ee1213c2d..c2aca7ae1 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh +index 8d6be38f4..ce2bcce19 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh +index 13f217f02..efb422075 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh +index 5632949e2..fbfe8a0a4 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + # remediation = none + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh +index 7f6ff9a97..581c81c47 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh +index 10a02eb86..77029c277 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh +index 264df72f1..725cd27ab 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh +index c5e65c44e..8d606b5ea 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh +index c61e9828d..652f95adb 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh +index 6499ed205..c94da4ca0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + # remediation = none + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh +index 6b5b5767a..01fafdbb9 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh +index a1a9ec1ec..c273c78f4 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # variables = var_password_hashing_algorithm_pam=sha512 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +index 3045574e5..7ce6bb466 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +index 517c83c6e..041e9a29c 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +index f8c47e96a..d0aaabaf7 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + systemctl disable --now ctrl-alt-del.target + systemctl mask --now ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +index 41eed9737..992dc2304 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + systemctl unmask ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh +index 19345cfcf..374e76ec6 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + rm -f /etc/systemd/system/emergency.service + mkdir -p /etc/systemd/system/emergency.service.d/ + cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh +index da0d857f6..a7d75247c 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + rm -f /etc/systemd/system/emergency.service + mkdir -p /etc/systemd/system/emergency.service.d/ + cat << EOF > /etc/systemd/system/emergency.service.d/10-oscap.conf +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh +index 07b8e331a..850cd60d9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + rm -rf /etc/systemd/system/rescue.service.d + mkdir -p /etc/systemd/system/rescue.service.d + cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +index f735f3270..027fbbe3d 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh +index 4557b0512..043753f03 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + rm -rf /etc/systemd/system/rescue.service.d + mkdir -p /etc/systemd/system/rescue.service.d +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml +index 75395cf61..1dcee69f3 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml +index f47326940..42d591752 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +index dc63eb653..dc6931307 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh +index 0b31379f0..778d63d74 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + echo 'bind W lock-session' >> '/etc/tmux.conf' + chmod 0644 "/etc/tmux.conf" +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh +index e38203195..55a8aff57 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = tmux + + echo 'bind X lock-session' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh +index 45458b6f2..87e6ded51 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = tmux + + echo > '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh +index 93ed8cbf4..bff755146 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = tmux + + echo '# bind X lock-session' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh +index da006625e..8e02e36e8 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = tmux + + echo 'bind X lock-session' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +index 6b2d6cd5e..c20712c9f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml +index 08b89bf8f..cea27ab4d 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh +index 8d59d36d3..526165afe 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + # packages = openssl-pkcs11,libpam-pkcs11 + + if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml +index ebcb5ac04..674369a42 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh +index 7bdb759f6..dd157f1e3 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_debian + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh +index ba82e5ddb..ddbac0bcf 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + # Remediation doesn't fix the rule, only locks passwords + # of non-root accounts with uid 0. + # remediation = none +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml +index 987fb5d8b..8b5d81151 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh +index df4c8338b..481ceb571 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +index 8f87bf06e..6bed5ef5a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml +index 9bbbb9585..766df9993 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh +index cb7530b38..c33fd385c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}} + + PAM_CONF=/etc/pam.d/su +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +index d3798de62..19761e09d 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +index da628bc5e..90f23cb90 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh +index 7ea0f9bcf..c975769f8 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + + # remediation = none +-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,multi_platform_ubuntu,multi_platform_sle ++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu,multi_platform_sle + + . $SHARED/grub2.sh + +diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml +index 892523fc4..9fbba1ccb 100644 +--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml ++++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml +index 82b0d0651..e1c9ecdd5 100644 +--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml ++++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml +@@ -11,7 +11,7 @@ + test_ref="test_logrotate_conf_no_other_keyword" /> + + +-{{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "sle12", "sle15", "slmicro5"] %}} ++{{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5"] %}} + + {{% endif %}} + +@@ -54,7 +54,7 @@ + 1 + + +- {{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "sle12", "sle15", "slmicro5"] %}} ++ {{% if product in ["ol9", "rhcos4", "rhel9", "rhel10", "almalinux10", "sle12", "sle15", "slmicro5"] %}} + +diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh +index 94cb0e893..d13183224 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh ++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + # check-import = stdout + + result=$XCCDF_RESULT_PASS +diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh +index b2a8e350c..e97d0f4a5 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh ++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + # check-import = stdout + + result=$XCCDF_RESULT_PASS +diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh +index cfb1cd690..a89ef4dcc 100644 +--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh ++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel8.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + mkdir -p "/etc" + filepath="/etc/os-release" +diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh +index 52c2500cb..702369f66 100644 +--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh ++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.2.notapplicable.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + mkdir -p "/etc" + filepath="/etc/os-release" +diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh +index 207bfac32..f5e12fe63 100644 +--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh ++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/tests/rhel9.notapplicable.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + mkdir -p "/etc" + filepath="/etc/os-release" +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +index 87306fedb..88e2884bc 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +index 8792fc668..2c7c4b025 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +index e222b1c88..85b92ce90 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +index 4ed2c480c..f59b6d7c3 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +index 845b013ed..063776b85 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +index e2951d845..0335df123 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +index 6bb6de134..1f0664a02 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +index b3d72bb4a..b89b8a35a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +index 70e767cc4..fbe1a27a2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +index c64da37a3..08535e5a1 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +index 8b075d55e..0dd17a34b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +index 2bfbd9e46..8ea37100a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +index aa7d1562b..08668d03c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +index 3a60ab17c..728ddb817 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +index b6e53de36..0b652c7cf 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +index aeb67c4e0..f47a8ab67 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +index 52d74441b..08c8c256d 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +index 9e3a85af9..d4f4d31cb 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +index 0c8dae788..a26df0c5a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +index ea1db12fe..5d8b19f68 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +index b54e3d12b..125464d7a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh +index 89d344c4f..1a926adaa 100644 +--- a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh ++++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + # check-import = stdout + + tbl_output=$(nft list tables | grep inet) +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh +index af967f535..4847d0c3c 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64 + do +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh +index 1fd8fe347..5dc9e9538 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + groupadd group_test + for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +index b0d594003..4a71eccda 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +index 5ce0decba..b7a4243e4 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh +index 59e39270d..5c154d333 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Delete particular /etc/fstab's row if /var/tmp is already configured to + # represent a mount point (for some device or filesystem other than /tmp) +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +index d94802273..554e34e00 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +index d94802273..554e34e00 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +index 41cbd1197..481afa583 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +index 415b0486d..02b1e991a 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +index 7a4c107b2..22e209120 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +index 88c683445..fa9b2020d 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +index a94218c1b..95b2046e0 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +@@ -12,7 +12,7 @@ rationale: |- + + severity: medium + +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "rhel10", "almalinux10"] %}} + conflicts: + - sysctl_kernel_core_pattern_empty_string + {{% endif %}} +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +index 36e025cc3..e97acde11 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +index 505b3c12b..cdf18e6dd 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +index 0541e59a7..50020c28c 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +index 2e24d9211..7b706bb32 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh +index c9de45e02..d4a930ddb 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh +index 77ebd1e1d..48b035c6a 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh +index 99fb0ec06..0ca16d69a 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh +index ec71c16c9..ce38e3a6e 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +index ceafd4839..7006e2066 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +index 7519b7740..af6c30abd 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +index fdd4fb83e..3274d5b36 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh +index 9558acad7..52cc0a789 100644 +--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh ++++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Package libselinux cannot be uninstalled normally + # as it would cause removal of sudo package which is +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +index 24223598f..5503047c7 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +@@ -4,7 +4,7 @@ + The operating system installed on the system is supported by a vendor that provides security patches. + ") }}} + +- ++ + + + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml +index dd096ab41..b180ed3b3 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +index 8a4fd001c..72305d4a7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # packages = crypto-policies-scripts + + # IMPORTANT: This is a false negative scenario. +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +index 86f92f01d..446899d74 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # packages = crypto-policies-scripts + + update-crypto-policies --set "DEFAULT" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +index eabefa55c..77fef76c7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +index 311b8ef26..105040173 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +index adfd91745..282d77221 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +index 4437e369a..a35996eba 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh +index d0a400adf..1f0cf1317 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = crypto-policies-scripts +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol + {{% if 'rhel' in product %}} + # remediation = none + {{% endif %}} +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh +index b92e82236..138d2c997 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = crypto-policies-scripts +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol + + fips-mode-setup --enable + FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" +diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh +index f8b112e1a..33a266be6 100644 +--- a/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh ++++ b/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Package libselinux cannot be uninstalled normally + # as it would cause removal of sudo package which is +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml +index e43ee7994..8b41b5d93 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8 + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml +index 1c68a6ec3..fa8f50b84 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8 + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml +index af72a7d18..8f5a02c51 100644 +--- a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = enable + # complexity = low +diff --git a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh +index eb390cd1f..ac318fa9a 100644 +--- a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + function replace_all_gpgcheck { + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml +index add0cd7dd..1cf05952d 100644 +--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml +@@ -13,7 +13,7 @@ + + - name: Read signatures in GPG key + # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10 +- ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9" ++ ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10" + changed_when: False + register: gpg_fingerprints + check_mode: no +@@ -30,9 +30,9 @@ + - name: Import AlmaLinux GPG key + ansible.builtin.rpm_key: + state: present +- key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 ++ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 + when: + - gpg_key_directory_permission.stat.mode <= '0755' + - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0 + - gpg_installed_fingerprints | length > 0 +- - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "9" ++ - ansible_distribution == "AlmaLinux" and ansible_distribution_version == "10" +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh +index f78a6fb82..10b7819c4 100644 +--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh +@@ -2,7 +2,7 @@ + readonly ALMALINUX_RELEASE_FINGERPRINT="{{{ release_key_fingerprint }}}" + + # Location of the key we would like to import (once it's integrity verified) +-readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9" ++readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10" + + RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")") + +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +index e9c73de58..c60a1b027 100644 +--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +@@ -8,7 +8,7 @@ description: |- + come from AlmaLinux (and to connect to the AlmaLinux repositories to + receive them), the AlmaLinux GPG key must be properly installed. To install + the AlmaLinux GPG key, run: +- 
$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
++ 
$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10
+ + rationale: |- + Changes to software components can have significant effects on the overall +@@ -41,8 +41,8 @@ ocil: |- + To ensure that the GPG key is installed, run: + 
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
+ The command should return the string below: +- 
AlmaLinux OS 9 <packager@almalinux.org> public key
++ 
AlmaLinux OS 10 <packager@almalinux.org> public key
+ + fixtext: |- + Install {{{ full_name }}} GPG key. Run the following command: +- $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 ++ $ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh +index 87b82cb01..ba588f308 100644 +--- a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/tests/key_installed.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # +-# platform = AlmaLinux OS 9 ++# platform = AlmaLinux OS 10 + +-rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 ++rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 +diff --git a/products/almalinux10/CMakeLists.txt b/products/almalinux10/CMakeLists.txt +new file mode 100644 +index 000000000..1284434a2 +--- /dev/null ++++ b/products/almalinux10/CMakeLists.txt +@@ -0,0 +1,26 @@ ++# Sometimes our users will try to do: "cd almalinux10; cmake ." That needs to error in a nice way. ++if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") ++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") ++endif() ++ ++set(PRODUCT "almalinux10") ++ ++ssg_build_product(${PRODUCT}) ++ ++ssg_build_html_cce_table(${PRODUCT}) ++ ++ssg_build_html_srgmap_tables(${PRODUCT}) ++ ++if(SSG_SRG_XLSX_EXPORT) ++ ssg_build_xlsx_srg_export(${PRODUCT} "srg_gpos") ++endif() ++ ++#ssg_build_html_stig_tables(${PRODUCT}) ++#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig") ++#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui") ++ ++#ssg_build_html_stig_tables(${PRODUCT} "ospp") ++ ++if(SSG_CENTOS_DERIVATIVES_ENABLED) ++ ssg_build_derivative_product(${PRODUCT} "centos" "cs10") ++endif() +diff --git a/products/almalinux10/overlays/srg_support.xml b/products/almalinux10/overlays/srg_support.xml +new file mode 100644 +index 000000000..6e0a0ab8c +--- /dev/null ++++ b/products/almalinux10/overlays/srg_support.xml +@@ -0,0 +1,173 @@ ++ +diff --git a/products/almalinux10/product.yml b/products/almalinux10/product.yml +new file mode 100644 +index 000000000..a428a42ec +--- /dev/null ++++ b/products/almalinux10/product.yml +@@ -0,0 +1,54 @@ ++product: almalinux10 ++full_name: AlmaLinux OS 10 ++type: platform ++ ++families: ++ - rhel ++ - rhel-like ++ ++major_version_ordinal: 10 ++ ++benchmark_id: ALMALINUX-10 ++benchmark_root: "../../linux_os/guide" ++components_root: "../../components" ++ ++profiles_root: "./profiles" ++ ++pkg_manager: "dnf" ++ ++init_system: "systemd" ++ ++# EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig ++ ++sshd_distributed_config: "true" ++bootable_containers_supported: "true" ++ ++dconf_gdm_dir: "distro.d" ++ ++faillock_path: "/var/log/faillock" ++ ++# The fingerprints below are retrieved from https://almalinux.org/security/ ++pkg_release: "668fe8ef" ++pkg_version: "c2a1e572" ++ ++release_key_fingerprint: "EE6DB7B98F5BF5EDD9DA0DE5DEE5C11CC2A1E572" ++oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-10.xml.bz2" ++ ++cpes_root: "../../shared/applicability" ++cpes: ++ - almalinux10: ++ name: "cpe:/o:almalinux:almalinux:10" ++ title: "AlmaLinux OS 10" ++ check_id: installed_OS_is_almalinux10 ++ ++# Mapping of CPE platform to package ++platform_package_overrides: ++ login_defs: "shadow-utils" ++ ++reference_uris: ++ cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/' ++ ++ ++journald_conf_dir_path: /etc/systemd/journald.conf.d ++audit_watches_style: modern ++rsyslog_cafile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem +diff --git a/products/almalinux10/profiles/anssi_bp28_enhanced.profile b/products/almalinux10/profiles/anssi_bp28_enhanced.profile +new file mode 100644 +index 000000000..1a013f1de +--- /dev/null ++++ b/products/almalinux10/profiles/anssi_bp28_enhanced.profile +@@ -0,0 +1,87 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ - vojtapolasek ++ ++title: 'ANSSI-BP-028 (enhanced)' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: ++ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system ++ ++selections: ++ - anssi:all:enhanced ++ - var_password_hashing_algorithm_pam=yescrypt ++ # Following rules are incompatible with rhel10 product ++ - '!enable_authselect' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ # RHEL 10 does not support 32 bit architecture ++ - '!install_PAE_kernel_on_x86-32' ++ # the package does not exist in RHEL 10 ++ - '!package_dracut-fips-aesni_installed' ++ # pam_cracklib is not used in RHEL 10 ++ - '!cracklib_accounts_password_pam_lcredit' ++ - '!cracklib_accounts_password_pam_ocredit' ++ - '!cracklib_accounts_password_pam_ucredit' ++ - '!cracklib_accounts_password_pam_minlen' ++ - '!cracklib_accounts_password_pam_dcredit' ++ # umask is configured at a different place in RHEL 10 ++ - '!sudo_add_umask' ++ # Non-Red Hat keys are irrelevant on RHEL 10 ++ - '!ensure_oracle_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ # this rule is not automated anymore ++ - '!security_patches_up_to_date' ++ # There is only chrony package on RHEL 10, no ntpd ++ - '!service_chronyd_or_ntpd_enabled' ++ - 'service_chronyd_enabled' ++ # RHEL 10 unified the paths for grub2 files. These rules are selected in control file by R29. ++ - '!file_groupowner_efi_grub2_cfg' ++ - '!file_owner_efi_grub2_cfg' ++ - '!file_permissions_efi_grub2_cfg' ++ - '!file_groupowner_efi_user_cfg' ++ - '!file_owner_efi_user_cfg' ++ - '!file_permissions_efi_user_cfg' ++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5. ++ - '!grub2_uefi_password' ++ # disable R45: Enable AppArmor security profiles ++ - '!apparmor_configured' ++ - '!all_apparmor_profiles_enforced' ++ - '!grub2_enable_apparmor' ++ - '!package_apparmor_installed' ++ - '!package_pam_apparmor_installed' ++ # these packages do not exist in rhel10 (R62) ++ - '!package_dhcp_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!package_sendmail_removed' ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_xinetd_removed' ++ - '!package_ypbind_removed' ++ - '!package_ypserv_removed' ++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (R73) ++ - '!audit_rules_mac_modification' ++ - audit_rules_mac_modification_etc_selinux ++ # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed ++ - '!accounts_password_pam_retry' ++ # These rules are being modified and they are causing trouble in their current state (R67) ++ - '!sssd_enable_pam_services' ++ - '!sssd_ldap_configure_tls_reqcert' ++ - '!sssd_ldap_start_tls' ++ # These rules are no longer relevant ++ - '!prefer_64bit_os' +diff --git a/products/almalinux10/profiles/anssi_bp28_high.profile b/products/almalinux10/profiles/anssi_bp28_high.profile +new file mode 100644 +index 000000000..d769a2284 +--- /dev/null ++++ b/products/almalinux10/profiles/anssi_bp28_high.profile +@@ -0,0 +1,99 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ - vojtapolasek ++ ++title: 'ANSSI-BP-028 (high)' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: ++ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system ++ ++selections: ++ - anssi:all:high ++ - var_password_hashing_algorithm_pam=yescrypt ++ # the following rule renders UEFI systems unbootable ++ - '!sebool_secure_mode_insmod' ++ # Following rules are incompatible with rhel10 product ++ - '!enable_authselect' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ # RHEL 10 does not support 32 bit architecture ++ - '!install_PAE_kernel_on_x86-32' ++ # this timer does not exist in RHEL 10 ++ - '!aide_periodic_checking_systemd_timer' ++ # the package does not exist in RHEL 10 ++ - '!package_dracut-fips-aesni_installed' ++ # pam_cracklib is not used in RHEL 10 ++ - '!cracklib_accounts_password_pam_lcredit' ++ - '!cracklib_accounts_password_pam_ocredit' ++ - '!cracklib_accounts_password_pam_ucredit' ++ - '!cracklib_accounts_password_pam_minlen' ++ - '!cracklib_accounts_password_pam_dcredit' ++ # umask is configured at a different place in RHEL 10 ++ - '!sudo_add_umask' ++ # Non-Red Hat keys are irrelevant on RHEL 10 ++ - '!ensure_oracle_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ # this rule is not automated anymore ++ - '!security_patches_up_to_date' ++ # There is only chrony package on RHEL 10, no ntpd ++ - '!service_chronyd_or_ntpd_enabled' ++ - 'service_chronyd_enabled' ++ # RHEL 10 unified the paths for grub2 files. These rules are selected in control file by R29. ++ - '!file_groupowner_efi_grub2_cfg' ++ - '!file_owner_efi_grub2_cfg' ++ - '!file_permissions_efi_grub2_cfg' ++ - '!file_groupowner_efi_user_cfg' ++ - '!file_owner_efi_user_cfg' ++ - '!file_permissions_efi_user_cfg' ++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5. ++ - '!grub2_uefi_password' ++ # disable R45: Enable AppArmor security profiles ++ - '!apparmor_configured' ++ - '!all_apparmor_profiles_enforced' ++ - '!grub2_enable_apparmor' ++ - '!package_apparmor_installed' ++ - '!package_pam_apparmor_installed' ++ # these packages do not exist in rhel10 (R62) ++ - '!package_dhcp_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!package_sendmail_removed' ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_xinetd_removed' ++ - '!package_ypbind_removed' ++ - '!package_ypserv_removed' ++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (R73) ++ - '!audit_rules_mac_modification' ++ - audit_rules_mac_modification_etc_selinux ++ # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed ++ - '!accounts_password_pam_retry' ++ # These rules are being modified and they are causing trouble in their current state (R67) ++ - '!sssd_enable_pam_services' ++ - '!sssd_ldap_configure_tls_reqcert' ++ - '!sssd_ldap_start_tls' ++ # These rules are no longer relevant ++ - '!prefer_64bit_os' ++ - '!kernel_config_devkmem' ++ - '!kernel_config_hardened_usercopy_fallback' ++ - '!kernel_config_page_poisoning_no_sanity' ++ - '!kernel_config_page_poisoning_zero' ++ - '!kernel_config_page_table_isolation' ++ - '!kernel_config_refcount_full' ++ - '!kernel_config_retpoline' ++ - '!kernel_config_security_writable_hooks' +diff --git a/products/almalinux10/profiles/anssi_bp28_intermediary.profile b/products/almalinux10/profiles/anssi_bp28_intermediary.profile +new file mode 100644 +index 000000000..11a10d1e0 +--- /dev/null ++++ b/products/almalinux10/profiles/anssi_bp28_intermediary.profile +@@ -0,0 +1,62 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ - vojtapolasek ++ ++title: 'ANSSI-BP-028 (intermediary)' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: ++ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system ++ ++selections: ++ - anssi:all:intermediary ++ - var_password_hashing_algorithm_pam=yescrypt ++ # Following rules are incompatible with rhel10 product ++ - '!enable_authselect' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ # pam_cracklib is not used in RHEL 10 ++ - '!cracklib_accounts_password_pam_minlen' ++ - '!cracklib_accounts_password_pam_ucredit' ++ - '!cracklib_accounts_password_pam_dcredit' ++ - '!cracklib_accounts_password_pam_lcredit' ++ - '!cracklib_accounts_password_pam_ocredit' ++ # umask is configured at a different place in RHEL 10 ++ - '!sudo_add_umask' ++ # Non-Red Hat keys are irrelevant on RHEL 10 ++ - '!ensure_oracle_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ # this rule is not automated anymore ++ - '!security_patches_up_to_date' ++ # these packages do not exist in rhel10 (R62) ++ - '!package_dhcp_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!package_sendmail_removed' ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_xinetd_removed' ++ - '!package_ypbind_removed' ++ - '!package_ypserv_removed' ++ # these rules are failing when they are remediated with Ansible, removing them temporarily until they are fixed ++ - '!accounts_password_pam_retry' ++ # These rules are being modified and they are causing trouble in their current state (R67) ++ - '!sssd_enable_pam_services' ++ - '!sssd_ldap_configure_tls_reqcert' ++ - '!sssd_ldap_start_tls' ++ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5. ++ - '!grub2_uefi_password' +diff --git a/products/almalinux10/profiles/anssi_bp28_minimal.profile b/products/almalinux10/profiles/anssi_bp28_minimal.profile +new file mode 100644 +index 000000000..5833a0cce +--- /dev/null ++++ b/products/almalinux10/profiles/anssi_bp28_minimal.profile +@@ -0,0 +1,54 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ - vojtapolasek ++ ++title: 'ANSSI-BP-028 (minimal)' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ This draft profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++ An English version of the ANSSI-BP-028 can also be found at the ANSSI website: ++ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system ++ ++selections: ++ - anssi:all:minimal ++ - var_password_hashing_algorithm_pam=yescrypt ++ # Following rules are incompatible with rhel10 product ++ - '!enable_authselect' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ # pam_cracklib is not used in RHEL 10 ++ - '!cracklib_accounts_password_pam_minlen' ++ - '!cracklib_accounts_password_pam_ucredit' ++ - '!cracklib_accounts_password_pam_dcredit' ++ - '!cracklib_accounts_password_pam_lcredit' ++ - '!cracklib_accounts_password_pam_ocredit' ++ # Non-Red Hat keys are irrelevant on RHEL 10 ++ - '!ensure_oracle_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ # this rule is not automated anymore ++ - '!security_patches_up_to_date' ++ # these packages do not exist in rhel10 (R62) ++ - '!package_dhcp_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!package_sendmail_removed' ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_xinetd_removed' ++ - '!package_ypbind_removed' ++ - '!package_ypserv_removed' ++ # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed ++ - '!accounts_password_pam_retry' +diff --git a/products/almalinux10/profiles/cis.profile b/products/almalinux10/profiles/cis.profile +new file mode 100644 +index 000000000..32ccfff1f +--- /dev/null ++++ b/products/almalinux10/profiles/cis.profile +@@ -0,0 +1,17 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Server' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet ++ exist at time of the release. ++ ++selections: ++ - cis_rhel10:all:l2_server +diff --git a/products/almalinux10/profiles/cis_server_l1.profile b/products/almalinux10/profiles/cis_server_l1.profile +new file mode 100644 +index 000000000..d43ea6ea1 +--- /dev/null ++++ b/products/almalinux10/profiles/cis_server_l1.profile +@@ -0,0 +1,17 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Server' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet ++ exist at time of the release. ++ ++selections: ++ - cis_rhel10:all:l1_server +diff --git a/products/almalinux10/profiles/cis_workstation_l1.profile b/products/almalinux10/profiles/cis_workstation_l1.profile +new file mode 100644 +index 000000000..27096ea00 +--- /dev/null ++++ b/products/almalinux10/profiles/cis_workstation_l1.profile +@@ -0,0 +1,17 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Workstation' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet ++ exist at time of the release. ++ ++selections: ++ - cis_rhel10:all:l1_workstation +diff --git a/products/almalinux10/profiles/cis_workstation_l2.profile b/products/almalinux10/profiles/cis_workstation_l2.profile +new file mode 100644 +index 000000000..7d905f749 +--- /dev/null ++++ b/products/almalinux10/profiles/cis_workstation_l2.profile +@@ -0,0 +1,17 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - marcusburghardt ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Workstation' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet ++ exist at time of the release. ++ ++selections: ++ - cis_rhel10:all:l2_workstation +diff --git a/products/almalinux10/profiles/default.profile b/products/almalinux10/profiles/default.profile +new file mode 100644 +index 000000000..1616e1bbe +--- /dev/null ++++ b/products/almalinux10/profiles/default.profile +@@ -0,0 +1,33 @@ ++documentation_complete: true ++ ++hidden: true ++ ++title: Default Profile for AlmaLinux OS 10 ++ ++description: |- ++ This profile contains all the rules that once belonged to the rhel10 ++ product. This profile won't be rendered into an XCCDF Profile entity, ++ nor it will select any of these rules by default. The only purpose of ++ this profile is to keep a rule in the product's XCCDF Benchmark. ++ ++selections: ++ - grub2_nousb_argument ++ - audit_rules_kernel_module_loading_create ++ - grub2_uefi_admin_username ++ - grub2_uefi_password ++ - no_tmux_in_shells ++ - package_tmux_installed ++ - configure_tmux_lock_after_time ++ - configure_tmux_lock_command ++ - configure_tmux_lock_keybinding ++ - audit_rules_session_events ++ - enable_authselect ++ - audit_rules_login_events ++ - audit_rules_unsuccessful_file_modification ++ - configure_openssl_tls_crypto_policy ++ - audit_rules_privileged_commands_pt_chown ++ - package_iprutils_removed ++ - service_rlogin_disabled ++ - service_rsh_disabled ++ - service_rexec_disabled ++ - package_scap-security-guide_installed +diff --git a/products/almalinux10/profiles/e8.profile b/products/almalinux10/profiles/e8.profile +new file mode 100644 +index 000000000..e70330c0d +--- /dev/null ++++ b/products/almalinux10/profiles/e8.profile +@@ -0,0 +1,39 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - tjbutt58 ++ ++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++title: 'Australian Cyber Security Centre (ACSC) Essential Eight' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ ++ This draft profile contains configuration checks for AlmaLinux OS 10 ++ that align to the Australian Cyber Security Centre (ACSC) Essential Eight. ++ ++ A copy of the Essential Eight in Linux Environments guide can be found at the ++ ACSC website: ++ ++ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++selections: ++ - e8:all ++ - '!enable_authselect' ++ # nosha1 crypto policy does not exist in RHEL 10 ++ - var_system_crypto_policy=default_policy ++ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions. ++ # https://github.com/ComplianceAsCode/content/issues/11285 ++ - '!rpm_verify_permissions' ++ - '!rpm_verify_ownership' ++ # these packages do not exist in RHEL 10 ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_ypbind_removed' ++ - '!package_ypserv_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!security_patches_up_to_date' +diff --git a/products/almalinux10/profiles/hipaa.profile b/products/almalinux10/profiles/hipaa.profile +new file mode 100644 +index 000000000..ee39fc73f +--- /dev/null ++++ b/products/almalinux10/profiles/hipaa.profile +@@ -0,0 +1,68 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - jjaswanson4 ++ ++reference: https://www.hhs.gov/hipaa/for-professionals/index.html ++ ++title: 'Health Insurance Portability and Accountability Act (HIPAA)' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ ++ The HIPAA Security Rule establishes U.S. national standards to protect individuals's ++ electronic personal health information that is created, received, used, or ++ maintained by a covered entity. The Security Rule requires appropriate ++ administrative, physical and technical safeguards to ensure the ++ confidentiality, integrity, and security of electronic protected health ++ information. ++ ++ This draft profile configures AlmaLinux OS 10 to the HIPAA Security ++ Rule identified for securing of electronic protected health information. ++ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s). ++ ++selections: ++ - hipaa:all ++ ++ # RHEL 10 uses a different rule for auditing changes to selinux configuration ++ # HIPAA 164.308(a)(1)(ii)(D), 164.308(a)(3)(ii)(A), 164.308(a)(5)(ii)(C), 164.312(a)(2)(i), 164.312(b), 164.312(d) and 164.312(e) ++ - '!audit_rules_mac_modification' ++ - audit_rules_mac_modification_etc_selinux ++ ++ - '!coreos_disable_interactive_boot' ++ - '!coreos_audit_option' ++ - '!coreos_nousb_kernel_argument' ++ - '!coreos_enable_selinux_kernel_argument' ++ - '!dconf_gnome_remote_access_credential_prompt' ++ - '!dconf_gnome_remote_access_encryption' ++ - '!enable_authselect' ++ - '!ensure_suse_gpgkey_installed' ++ - '!ensure_fedora_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ - '!grub2_uefi_admin_username' ++ - '!grub2_uefi_password' ++ - '!service_ypbind_disabled' ++ - '!service_zebra_disabled' ++ - '!package_talk-server_removed' ++ - '!package_talk_removed' ++ - '!sshd_use_approved_macs' ++ - '!sshd_use_approved_ciphers' ++ - '!accounts_passwords_pam_tally2' ++ - '!package_audit-audispd-plugins_installed' ++ - '!auditd_audispd_syslog_plugin_activated' ++ - '!package_ypserv_removed' ++ - '!package_ypbind_removed' ++ - '!package_xinetd_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ - '!package_tcp_wrappers_removed' ++ - '!package_ypbind_removed' ++ - '!package_xinetd_removed' ++ - '!service_xinetd_disabled' ++ - '!sshd_allow_only_protocol2' ++ - '!sshd_disable_kerb_auth' ++ - '!sshd_disable_gssapi_auth' ++ - '!service_rlogin_disabled' ++ - '!service_rsh_disabled' ++ - '!service_rexec_disabled' +diff --git a/products/almalinux10/profiles/ism_o.profile b/products/almalinux10/profiles/ism_o.profile +new file mode 100644 +index 000000000..9021df832 +--- /dev/null ++++ b/products/almalinux10/profiles/ism_o.profile +@@ -0,0 +1,50 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - wcushen ++ - eliseelk ++ - sashperso ++ - anjuskantha ++ ++reference: https://www.cyber.gov.au/ism ++ ++title: 'Australian Cyber Security Centre (ACSC) ISM Official - Base' ++ ++description: |- ++ This draft profile contains configuration checks for AlmaLinux OS 10 ++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). ++ ++ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning ++ AlmaLinux OS security controls with the ISM, which can be used to select controls ++ specific to an organisation's security posture and risk profile. ++ ++ A copy of the ISM can be found at the ACSC website: ++ ++ https://www.cyber.gov.au/ism ++ ++extends: e8 ++ ++selections: ++ - ism_o:all:base ++ # these rules do not work properly on RHEL 10 for now ++ - '!enable_authselect' ++ - '!enable_dracut_fips_module' ++ - '!firewalld_sshd_port_enabled' ++ - '!require_singleuser_auth' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ - '!audit_rules_login_events_tallylog' ++ # lastlog is not used in RHEL 10 ++ - '!audit_rules_login_events_lastlog' ++ # this rule is currently failing on some systemd services, probably because of require_emergency_target_auth and require_singleuser_auth rules ++ - '!rpm_verify_hashes' ++ # this rule should not be needed anymore on RHEL 10, but investigation is recommended ++ - '!openssl_use_strong_entropy' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' ++ # This rule is not applicable for RHEL 10 ++ - '!force_opensc_card_drivers' ++ - '!service_chronyd_or_ntpd_enabled' +diff --git a/products/almalinux10/profiles/ism_o_secret.profile b/products/almalinux10/profiles/ism_o_secret.profile +new file mode 100644 +index 000000000..a1ea6e884 +--- /dev/null ++++ b/products/almalinux10/profiles/ism_o_secret.profile +@@ -0,0 +1,52 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - wcushen ++ - eliseelk ++ - sashperso ++ - anjuskantha ++ ++reference: https://www.cyber.gov.au/ism ++ ++title: 'Australian Cyber Security Centre (ACSC) ISM Official - Secret' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ ++ This draft profile contains configuration checks for AlmaLinux OS 10 ++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). ++ ++ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning ++ AlmaLinux OS security controls with the ISM, which can be used to select controls ++ specific to an organisation's security posture and risk profile. ++ ++ A copy of the ISM can be found at the ACSC website: ++ ++ https://www.cyber.gov.au/ism ++ ++extends: e8 ++ ++selections: ++ - ism_o:all:secret ++ # these rules do not work properly on RHEL 10 for now ++ - '!enable_authselect' ++ - '!enable_dracut_fips_module' ++ - '!firewalld_sshd_port_enabled' ++ - '!require_singleuser_auth' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ - '!audit_rules_login_events_tallylog' ++ # lastlog is not used in RHEL 10 ++ - '!audit_rules_login_events_lastlog' ++ # this rule is currently failing on some systemd services, probably because of require_emergency_target_auth and require_singleuser_auth rules ++ - '!rpm_verify_hashes' ++ # this rule should not be needed anymore on RHEL 10, but investigation is recommended ++ - '!openssl_use_strong_entropy' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' ++ # This rule is not applicable for RHEL 10 ++ - '!force_opensc_card_drivers' ++ - '!service_chronyd_or_ntpd_enabled' +diff --git a/products/almalinux10/profiles/ism_o_top_secret.profile b/products/almalinux10/profiles/ism_o_top_secret.profile +new file mode 100644 +index 000000000..8c77e37d9 +--- /dev/null ++++ b/products/almalinux10/profiles/ism_o_top_secret.profile +@@ -0,0 +1,50 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - wcushen ++ - eliseelk ++ - sashperso ++ - anjuskantha ++ ++reference: https://www.cyber.gov.au/ism ++ ++title: 'Australian Cyber Security Centre (ACSC) ISM Official - Top Secret' ++ ++description: |- ++ This draft profile contains configuration checks for AlmaLinux OS 10 ++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM). ++ ++ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning ++ AlmaLinux OS security controls with the ISM, which can be used to select controls ++ specific to an organisation's security posture and risk profile. ++ ++ A copy of the ISM can be found at the ACSC website: ++ ++ https://www.cyber.gov.au/ism ++ ++extends: e8 ++ ++selections: ++ - ism_o:all:top_secret ++ # these rules do not work properly on RHEL 10 for now ++ - '!enable_authselect' ++ - '!enable_dracut_fips_module' ++ - '!firewalld_sshd_port_enabled' ++ - '!require_singleuser_auth' ++ # tally2 is deprecated, replaced by faillock ++ - '!accounts_passwords_pam_tally2_deny_root' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ - '!audit_rules_login_events_tallylog' ++ # lastlog is not used in RHEL 10 ++ - '!audit_rules_login_events_lastlog' ++ # this rule is currently failing on some systemd services, probably because of require_emergency_target_auth and require_singleuser_auth rules ++ - '!rpm_verify_hashes' ++ # this rule should not be needed anymore on RHEL 10, but investigation is recommended ++ - '!openssl_use_strong_entropy' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' ++ # This rule is not applicable for RHEL 10 ++ - '!force_opensc_card_drivers' ++ - '!service_chronyd_or_ntpd_enabled' +diff --git a/products/almalinux10/profiles/ospp.profile b/products/almalinux10/profiles/ospp.profile +new file mode 100644 +index 000000000..fce0fd011 +--- /dev/null ++++ b/products/almalinux10/profiles/ospp.profile +@@ -0,0 +1,29 @@ ++documentation_complete: true ++hidden: true ++ ++metadata: ++ version: 4.3 ++ SMEs: ++ - ggbecker ++ - matusmarhefka ++ ++reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=469&id=469 ++ ++title: 'DRAFT - Protection Profile for General Purpose Operating Systems' ++ ++description: |- ++ This is draft profile is based on the Red Hat Enterprise Linux 9 Common Criteria Guidance as ++ guidance for Red Hat Enterprise Linux 10 was not available at the time of release. ++ ++ ++ Where appropriate, CNSSI 1253 or DoD-specific values are used for ++ configuration, based on Configuration Annex to the OSPP. ++ ++selections: ++ - ospp:all ++ - '!package_screen_installed' ++ - '!package_dnf-plugin-subscription-manager_installed' ++ - '!package_scap-security-guide_installed' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' ++ - '!enable_authselect' +diff --git a/products/almalinux10/profiles/pci-dss.profile b/products/almalinux10/profiles/pci-dss.profile +new file mode 100644 +index 000000000..b7a8eba3e +--- /dev/null ++++ b/products/almalinux10/profiles/pci-dss.profile +@@ -0,0 +1,85 @@ ++documentation_complete: true ++ ++metadata: ++ version: '4.0.1' ++ SMEs: ++ - marcusburghardt ++ - mab879 ++ - vojtapolasek ++ ++reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf ++ ++title: 'PCI-DSS v4.0.1 Control Baseline for Red Hat Enterprise Linux 10' ++ ++description: |- ++ This is a draft profile for experimental purposes. ++ ++ Payment Card Industry - Data Security Standard (PCI-DSS) is a set of ++ security standards designed to ensure the secure handling of payment card ++ data, with the goal of preventing data breaches and protecting sensitive ++ financial information. ++ ++ This draft profile ensures Red Hat Enterprise Linux 10 is configured in alignment ++ with PCI-DSS v4.0.1 requirements. ++ ++selections: ++ - pcidss_4:all ++ - var_password_hashing_algorithm=yescrypt ++ - var_password_hashing_algorithm_pam=yescrypt ++ ++ # RHEL 10 uses a different rule for auditing changes to selinux configuration (PCI-DSSv4 - 10.3.4) ++ - '!audit_rules_mac_modification' ++ - audit_rules_mac_modification_etc_selinux ++ ++ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions. ++ # https://github.com/ComplianceAsCode/content/issues/11285 ++ - '!rpm_verify_permissions' ++ ++ # these rules do not apply to RHEL 10 ++ - '!enable_authselect' ++ - '!package_audit-audispd-plugins_installed' ++ - '!package_dhcp_removed' ++ - '!package_ypserv_removed' ++ - '!package_ypbind_removed' ++ - '!package_talk_removed' ++ - '!package_talk-server_removed' ++ - '!package_xinetd_removed' ++ - '!package_rsh_removed' ++ - '!package_rsh-server_removed' ++ ++ - '!service_ntp_enabled' ++ - '!service_ntpd_enabled' ++ - '!service_timesyncd_enabled' ++ - '!ntpd_specify_remote_server' ++ - '!ntpd_specify_multiple_servers' ++ ++ - '!accounts_passwords_pam_tally2' ++ - '!accounts_passwords_pam_tally2_unlock_time' ++ - '!cracklib_accounts_password_pam_dcredit' ++ - '!cracklib_accounts_password_pam_lcredit' ++ - '!cracklib_accounts_password_pam_minlen' ++ - '!cracklib_accounts_password_pam_retry' ++ - '!ensure_firewall_rules_for_open_ports' ++ - '!ensure_shadow_group_empty' ++ - '!ensure_suse_gpgkey_installed' ++ - ensure_almalinux_gpgkey_installed ++ - '!install_PAE_kernel_on_x86-32' ++ - '!mask_nonessential_services' ++ - '!nftables_ensure_default_deny_policy' ++ - '!set_ipv6_loopback_traffic' ++ - '!set_ip6tables_default_rule' ++ - '!set_loopback_traffic' ++ - '!set_password_hashing_algorithm_commonauth' ++ # Following rule are excluded since, "so far" no CCEs were defined for them and maybe irrelevant for rhel10 ++ - '!enable_dconf_user_profile' ++ ++ # Following are incompatible with the rhel10 product (based on RHEL9) ++ - '!service_chronyd_or_ntpd_enabled' ++ - '!aide_periodic_checking_systemd_timer' ++ - '!gnome_gdm_disable_unattended_automatic_login' ++ - '!permissions_local_var_log' ++ - '!sshd_use_strong_kex' ++ - '!sshd_use_approved_macs' ++ - '!sshd_use_approved_ciphers' ++ - '!security_patches_up_to_date' ++ - '!kernel_module_dccp_disabled' +diff --git a/products/almalinux10/profiles/stig.profile b/products/almalinux10/profiles/stig.profile +new file mode 100644 +index 000000000..68cfac18e +--- /dev/null ++++ b/products/almalinux10/profiles/stig.profile +@@ -0,0 +1,25 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - mab879 ++ ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: 'Red Hat STIG for Red Hat Enterprise Linux 10' ++ ++description: |- ++ This is a profile based on what is expected in the RHEL 10 STIG. ++ It is not based on the DISA STIG for RHEL 10, because it was not available at time of ++ the release. ++ ++ In addition to being applicable to Red Hat Enterprise Linux 10, this ++ configuration baseline is applicable to the operating system tier of ++ Red Hat technologies that are based on Red Hat Enterprise Linux 10. ++ ++selections: ++ - srg_gpos:all ++ - '!enable_authselect' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' +diff --git a/products/almalinux10/profiles/stig_gui.profile b/products/almalinux10/profiles/stig_gui.profile +new file mode 100644 +index 000000000..a7d4a1877 +--- /dev/null ++++ b/products/almalinux10/profiles/stig_gui.profile +@@ -0,0 +1,40 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - mab879 ++ ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: 'Red Hat STIG for Red Hat Enterprise Linux 10' ++ ++description: |- ++ This is a profile based on what is expected in the RHEL 10 STIG.: ++ It is not based on the DISA STIG for RHEL 10, because it was not available at time of ++ the release. ++ ++ In addition to being applicable to Red Hat Enterprise Linux 10, this ++ configuration baseline is applicable to the operating system tier of ++ Red Hat technologies that are based on Red Hat Enterprise Linux 10. ++ ++extends: stig ++ ++selections: ++ - '!xwindows_remove_packages' ++ ++ - '!xwindows_runlevel_target' ++ ++ - '!package_nfs-utils_removed' ++ ++ - '!enable_authselect' ++ # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese ++ # https://issues.redhat.com/browse/RHEL-10416 ++ - '!sysctl_user_max_user_namespaces' ++ # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant ++ - '!logind_session_timeout' ++ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended. ++ - '!enable_dracut_fips_module' ++ ++ # Package gdm cannot be removed as it is required for GUI installation ('@Server with GUI' package group) ++ - '!package_gdm_removed' +diff --git a/products/almalinux10/transforms/constants.xslt b/products/almalinux10/transforms/constants.xslt +new file mode 100644 +index 000000000..1b1a67317 +--- /dev/null ++++ b/products/almalinux10/transforms/constants.xslt +@@ -0,0 +1,13 @@ ++ ++ ++ ++ ++AlmaLinux OS 10 ++AL10 ++AL_10_STIG ++almalinux10 ++ ++https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++ ++ +diff --git a/products/almalinux10/transforms/table-style.xslt b/products/almalinux10/transforms/table-style.xslt +new file mode 100644 +index 000000000..8b6caeab8 +--- /dev/null ++++ b/products/almalinux10/transforms/table-style.xslt +@@ -0,0 +1,5 @@ ++ ++ ++ ++ ++ +diff --git a/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt +new file mode 100644 +index 000000000..4789419b8 +--- /dev/null ++++ b/products/almalinux10/transforms/xccdf-apply-overlay-stig.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux10/transforms/xccdf2table-cce.xslt b/products/almalinux10/transforms/xccdf2table-cce.xslt +new file mode 100644 +index 000000000..f156a6695 +--- /dev/null ++++ b/products/almalinux10/transforms/xccdf2table-cce.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt +new file mode 100644 +index 000000000..30419e92b +--- /dev/null ++++ b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/shared/checks/oval/installed_OS_is_almalinux10.xml b/shared/checks/oval/installed_OS_is_almalinux10.xml +new file mode 100644 +index 000000000..34f942d90 +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_almalinux10.xml +@@ -0,0 +1,34 @@ ++ ++ ++ ++ AlmaLinux OS 10 ++ ++ multi_platform_all ++ ++ ++ The operating system installed on the system is AlmaLinux OS 10 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ /etc/almalinux-release ++ ++ ++ ++ ++ ++ ++ /etc/almalinux-release ++ ^AlmaLinux release 10.[0-9]+ .*$ ++ 1 ++ ++ ++ +diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +index 42b866d3b..8560a7220 100644 +--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml ++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +@@ -16,6 +16,7 @@ + multi_platform_ol + multi_platform_rhcos + multi_platform_rhel ++multi_platform_almalinux + multi_platform_rhv + multi_platform_sle + multi_platform_slmicro5 +diff --git a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml +index e83699662..1efabcf62 100644 +--- a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml ++++ b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml +@@ -917,7 +917,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us + $ sudo grep -iw grub2_password /boot/grub2/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + +-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -929,7 +929,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not + + Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: + +-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg ++$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + + If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. +@@ -1809,7 +1809,7 @@ On BIOS-based machines, use the following command: + + On UEFI-based machines, use the following command: + +-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg ++# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg + + If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: + +@@ -1840,7 +1840,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm + + If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + # grep fips /boot/grub2/grub.cfg + /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet +@@ -1912,23 +1912,23 @@ An example rule that includes the "sha512" rule follows: + + If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + Check for the existence of alternate boot loader configuration files with the following command: + + # find / -name grub.cfg +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + +-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. ++If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. + + List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems): + +- # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg ++ # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg + 4 + + Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored): + +- # grep 'set root' /boot/efi/EFI/redhat/grub.cfg ++ # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg + set root='hd0,gpt2' + set root='hd0,gpt2' + set root='hd0,gpt2' +@@ -4453,12 +4453,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD} + + Generate a new grub.cfg file with the following command: + +-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfgFor systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + For systems that are running a version of Oracle Linux prior to 7.2, this is Not Applicable. + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml +index 3071029bd..41db6bc3c 100644 +--- a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml ++++ b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml +@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 100000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "100000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -435,7 +435,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniqueUserNamehere]" + export superusers + +diff --git a/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml b/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml +index 3e1d42930..ec0e423c3 100644 +--- a/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml ++++ b/shared/references/disa-stig-ol8-v2r4-xccdf-scap.xml +@@ -3389,7 +3389,7 @@ SHA_CRYPT_MIN_ROUNDS 100000 + + + CCI-000213 +- Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. ++ Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -12636,8 +12636,8 @@ The "logind" service must be restarted for the changes to take effect. To restar + + + +- +- ++ ++ + + + +@@ -20409,11 +20409,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi + + + +- ++ + + + +- ++ + + + +@@ -22349,12 +22349,12 @@ By limiting the number of attempts to meet the pwquality module complexity requi + 1 + + +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$ + 1 + + +- /boot/efi/EFI/redhat/user.cfg ++ /boot/efi/EFI/almalinux/user.cfg + ^\s*GRUB2_PASSWORD=(\S+)\b + 1 + +diff --git a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml +index bbc44024b..ef94e40fa 100644 +--- a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml +@@ -3134,7 +3134,7 @@ SHA_CRYPT_MIN_ROUNDS 100000 + + + CCI-000213 +- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -12106,8 +12106,8 @@ $ sudo systemctl restart systemd-logind + + + +- +- ++ ++ + + + +@@ -19802,11 +19802,11 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s + + + +- ++ + + + +- ++ + + + +@@ -21745,12 +21745,12 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s + 1 + + +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$ + 1 + + +- /boot/efi/EFI/redhat/user.cfg ++ /boot/efi/EFI/almalinux/user.cfg + ^\s*GRUB2_PASSWORD=(\S+)\b + 1 + +diff --git a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml +index 7fa5cfb17..4024119f2 100644 +--- a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml ++++ b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml +@@ -370,7 +370,7 @@ SHA_CRYPT_MIN_ROUNDS 100000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "100000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -380,7 +380,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh b/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh +index 8c002663d..c8d3ff1a4 100644 +--- a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh ++++ b/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # This test only applies to platforms that check the pwquality.conf.d directory +-# platform = Oracle Linux 8,multi_platform_rhel ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_{{{ VARIABLE }}}={{{ TEST_VAR_VALUE }}} + + truncate -s 0 /etc/security/pwquality.conf +diff --git a/shared/templates/accounts_password/tests/correct_value_directory.pass.sh b/shared/templates/accounts_password/tests/correct_value_directory.pass.sh +index 689093008..c25c13332 100644 +--- a/shared/templates/accounts_password/tests/correct_value_directory.pass.sh ++++ b/shared/templates/accounts_password/tests/correct_value_directory.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # This test only applies to platforms that check the pwquality.conf.d directory +-# platform = Oracle Linux 8,multi_platform_rhel ++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + # variables = var_password_pam_{{{ VARIABLE }}}={{{ TEST_VAR_VALUE }}} + + # This test will ensure that OVAL also checks the configuration in +diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh +index deca23463..fb11356dc 100644 +--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh ++++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10 + source common.sh + + {{{ setup_auditctl_environment() }}} +diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh +index 5ac5acf32..b41e800a5 100644 +--- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh ++++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_arch.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 10,AlmaLinux OS 10 + + source common.sh + +diff --git a/shared/templates/grub2_bootloader_argument/kickstart.template b/shared/templates/grub2_bootloader_argument/kickstart.template +index c5051bcf7..846c0e661 100644 +--- a/shared/templates/grub2_bootloader_argument/kickstart.template ++++ b/shared/templates/grub2_bootloader_argument/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh +index 4cc696340..7dcfe8e61 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # packages = grub2,grubby + + {{%- if ARG_VARIABLE %}} +diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh +index c6d5b6b1b..0557b2f03 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_fedora + # packages = grub2,grubby + {{%- if ARG_VARIABLE %}} + # variables = {{{ ARG_VARIABLE }}}=correct_value +diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +index b875737f2..9685f6abd 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # packages = grub2,grubby + {{%- if ARG_VARIABLE %}} + # variables = {{{ ARG_VARIABLE }}}=correct_value +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh +index fc3db8ccd..a12bef4b2 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # packages = grub2-tools,grubby + + # Adds argument from kernel command line in /etc/default/grub +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh +index e51f669fd..00a74f76f 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # packages = grub2-tools,grubby + + # Adds argument with a value from kernel command line in /etc/default/grub +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh +index d5d39d91c..2b25d0659 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10 + # packages = grub2,grubby + + # Ensure the kernel command line for each installed kernel in the bootloader +diff --git a/shared/templates/kernel_module_disabled/kubernetes.template b/shared/templates/kernel_module_disabled/kubernetes.template +index c77cebfbb..2820e9745 100644 +--- a/shared/templates/kernel_module_disabled/kubernetes.template ++++ b/shared/templates/kernel_module_disabled/kubernetes.template +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template +index 56617467d..3cdacd4db 100644 +--- a/shared/templates/mount/blueprint.template ++++ b/shared/templates/mount/blueprint.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + [[customizations.filesystem]] + mountpoint = "{{{ MOUNTPOINT }}}" +diff --git a/shared/templates/mount/kickstart.template b/shared/templates/mount/kickstart.template +index fc2bdebd7..3c7833aa7 100644 +--- a/shared/templates/mount/kickstart.template ++++ b/shared/templates/mount/kickstart.template +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + logvol {{{ MOUNTPOINT }}} {{{ MIN_SIZE_MB }}} +diff --git a/shared/templates/package_installed/bootc.template b/shared/templates/package_installed/bootc.template +index ddac8ef40..86cb91791 100644 +--- a/shared/templates/package_installed/bootc.template ++++ b/shared/templates/package_installed/bootc.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_installed/kickstart.template b/shared/templates/package_installed/kickstart.template +index be0fc1de8..8284a5711 100644 +--- a/shared/templates/package_installed/kickstart.template ++++ b/shared/templates/package_installed/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_removed/bootc.template b/shared/templates/package_removed/bootc.template +index eef498941..255ac57a1 100644 +--- a/shared/templates/package_removed/bootc.template ++++ b/shared/templates/package_removed/bootc.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template +index 99f5e33b9..a0b930444 100644 +--- a/shared/templates/package_removed/kickstart.template ++++ b/shared/templates/package_removed/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh +index 1e4ab26a7..88a935f88 100644 +--- a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel ++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux + + {{{ tests_init_faillock_vars("correct") }}} + +diff --git a/shared/templates/service_disabled/kickstart.template b/shared/templates/service_disabled/kickstart.template +index d1e39ae29..7ecd5523e 100644 +--- a/shared/templates/service_disabled/kickstart.template ++++ b/shared/templates/service_disabled/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template +index 1ab456524..724e7b779 100644 +--- a/shared/templates/service_disabled/kubernetes.template ++++ b/shared/templates/service_disabled/kubernetes.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_disabled_guard_var/bash.template b/shared/templates/service_disabled_guard_var/bash.template +index 0afd3332d..62c4762e7 100644 +--- a/shared/templates/service_disabled_guard_var/bash.template ++++ b/shared/templates/service_disabled_guard_var/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_enabled/kickstart.template b/shared/templates/service_enabled/kickstart.template +index 451af774a..27ac615a2 100644 +--- a/shared/templates/service_enabled/kickstart.template ++++ b/shared/templates/service_enabled/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh +index ab3f45c20..04b4f8cf8 100644 +--- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh ++++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu + {{%- if XCCDF_VARIABLE %}} + # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} + {{%- endif %}} +diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh +index c5390ff13..9f596cf48 100644 +--- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh ++++ b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu + + mkdir -p /etc/ssh/sshd_config.d + touch /etc/ssh/sshd_config.d/nothing +diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh +index 7d55e3d0d..f8ea20e04 100644 +--- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh ++++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu + + + {{% if XCCDF_VARIABLE %}} +diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh +index c68680483..6c35a7465 100644 +--- a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh ++++ b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu + + {{% if XCCDF_VARIABLE %}} + # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} +diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh +index 983eb3fda..176f386e7 100644 +--- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh ++++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu ++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu + + {{% if XCCDF_VARIABLE %}} + # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}} +diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template +index 73810f216..54434bb42 100644 +--- a/shared/templates/zipl_bls_entries_option/ansible.template ++++ b/shared/templates/zipl_bls_entries_option/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = true + # strategy = configure + # complexity = medium +diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template +index e14d59dfc..1b236a130 100644 +--- a/shared/templates/zipl_bls_entries_option/bash.template ++++ b/shared/templates/zipl_bls_entries_option/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + # Correct BLS option using grubby, which is a thin wrapper around BLS operations + grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}" +diff --git a/ssg/constants.py b/ssg/constants.py +index a0265a9d9..ebc8165aa 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -40,7 +40,7 @@ SSG_REF_URIS = { + product_directories = [ + 'alinux2', + 'alinux3', +- 'almalinux9', ++ 'almalinux10', + 'anolis8', + 'anolis23', + 'al2023', +@@ -211,7 +211,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { + FULL_NAME_TO_PRODUCT_MAPPING = { + "Alibaba Cloud Linux 2": "alinux2", + "Alibaba Cloud Linux 3": "alinux3", +- "AlmaLinux OS 9": "almalinux9", ++ "AlmaLinux OS 10": "almalinux10", + "Anolis OS 8": "anolis8", + "Anolis OS 23": "anolis23", + "Amazon Linux 2023": "al2023", +@@ -302,7 +302,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", + + MULTI_PLATFORM_MAPPING = { + "multi_platform_alinux": ["alinux2", "alinux3"], +- "multi_platform_almalinux": ["almalinux9"], ++ "multi_platform_almalinux": ["almalinux10"], + "multi_platform_anolis": ["anolis8", "anolis23"], + "multi_platform_debian": ["debian11", "debian12"], + "multi_platform_example": ["example"], +diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml +index 27cf93dcc..16fc52311 100644 +--- a/tests/data/product_stability/ol7.yml ++++ b/tests/data/product_stability/ol7.yml +@@ -30,7 +30,7 @@ groups: + dedicated_ssh_keyowner: + name: ssh_keys + grub2_boot_path: /boot/grub2 +-grub2_uefi_boot_path: /boot/efi/EFI/redhat ++grub2_uefi_boot_path: /boot/efi/EFI/almalinux + grub_helper_executable: grubby + init_system: systemd + major_version_ordinal: 7 +diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml +index 169cd1991..f694d28f5 100644 +--- a/tests/data/product_stability/ol8.yml ++++ b/tests/data/product_stability/ol8.yml +@@ -30,7 +30,7 @@ groups: + dedicated_ssh_keyowner: + name: ssh_keys + grub2_boot_path: /boot/grub2 +-grub2_uefi_boot_path: /boot/efi/EFI/redhat ++grub2_uefi_boot_path: /boot/efi/EFI/almalinux + grub_helper_executable: grubby + init_system: systemd + major_version_ordinal: 8 +diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml +index 8f764c4d1..0cc1d40ec 100644 +--- a/tests/data/product_stability/rhel8.yml ++++ b/tests/data/product_stability/rhel8.yml +@@ -81,7 +81,7 @@ groups: + dedicated_ssh_keyowner: + name: ssh_keys + grub2_boot_path: /boot/grub2 +-grub2_uefi_boot_path: /boot/efi/EFI/redhat ++grub2_uefi_boot_path: /boot/efi/EFI/almalinux + grub_helper_executable: grubby + init_system: systemd + journald_conf_dir_path: /etc/systemd/journald.conf.d +diff --git a/tests/data/utils/disa-stig-rhel8-v1r6-xccdf-manual.xml b/tests/data/utils/disa-stig-rhel8-v1r6-xccdf-manual.xml +index 849ab06f6..1a4927eec 100644 +--- a/tests/data/utils/disa-stig-rhel8-v1r6-xccdf-manual.xml ++++ b/tests/data/utils/disa-stig-rhel8-v1r6-xccdf-manual.xml +@@ -368,7 +368,7 @@ $ sudo egrep "^SHA_CRYPT_" /etc/login.defs + + If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding. + +-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -378,7 +378,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/tests/shared/grub2.sh b/tests/shared/grub2.sh +index 42abeb78e..fb99e71f2 100644 +--- a/tests/shared/grub2.sh ++++ b/tests/shared/grub2.sh +@@ -11,10 +11,10 @@ function set_grub_uefi_root { + if grep VERSION /etc/os-release | grep -q '9\.'; then + GRUB_CFG_ROOT=/boot/grub2 + else +- GRUB_CFG_ROOT=/boot/efi/EFI/redhat ++ GRUB_CFG_ROOT=/boot/efi/EFI/almalinux + fi + elif grep NAME /etc/os-release | grep -iq "Oracle"; then +- GRUB_CFG_ROOT=/boot/efi/EFI/redhat ++ GRUB_CFG_ROOT=/boot/efi/EFI/almalinux + elif grep NAME /etc/os-release | grep -iq "Ubuntu"; then + GRUB_CFG_ROOT=/boot/grub + fi +diff --git a/tests/unit/ssg-module/data/product.yml b/tests/unit/ssg-module/data/product.yml +index 540ab0181..191dde4ec 100644 +--- a/tests/unit/ssg-module/data/product.yml ++++ b/tests/unit/ssg-module/data/product.yml +@@ -25,7 +25,7 @@ aux_pkg_version: "5a6340b3" + release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51" + auxiliary_key_fingerprint: "7E4624258C406535D56D6F135054E4A45A6340B3" + +-grub2_uefi_boot_path: "/boot/efi/EFI/redhat" ++grub2_uefi_boot_path: "/boot/efi/EFI/almalinux" + + cpes_root: "./applicability" + cpes: +diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh +index 5a2bc1005..c3dfe6dce 100644 +--- a/tests/unit/ssg_test_suite/data/correct.pass.sh ++++ b/tests/unit/ssg_test_suite/data/correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = sudo,authselect +-# platform = multi_platform_rhel,Fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,Fedora + # profiles = xccdf_org.ssgproject.content_profile_cis + # check = oval + # remediation = none