diff --git a/files/scap-security-guide-add-almalinux10-product.patch b/files/scap-security-guide-add-almalinux10-product.patch
index 4313eae..c6bb41e 100644
--- a/files/scap-security-guide-add-almalinux10-product.patch
+++ b/files/scap-security-guide-add-almalinux10-product.patch
@@ -1,8 +1,8 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index a31014247..378b66c5a 100644
+index 7627ee0bd..f0c768006 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -90,7 +90,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
+@@ -87,7 +87,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
option(SSG_PRODUCT_AL2023 "If enabled, the Amazon Linux 2023 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -10,8 +10,8 @@ index a31014247..378b66c5a 100644
+option(SSG_PRODUCT_ALMALINUX10 "If enabled, the AlmaLinux OS 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
- option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
-@@ -328,7 +328,7 @@ message(STATUS "Products:")
+ option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+@@ -324,7 +324,7 @@ message(STATUS "Products:")
message(STATUS "Amazon Linux 2023: ${SSG_PRODUCT_AL2023}")
message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}")
message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}")
@@ -19,8 +19,8 @@ index a31014247..378b66c5a 100644
+message(STATUS "AlmaLinux OS 10: ${SSG_PRODUCT_ALMALINUX10}")
message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}")
message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}")
- message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}")
-@@ -394,8 +394,8 @@ endif()
+ message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}")
+@@ -389,8 +389,8 @@ endif()
if(SSG_PRODUCT_ALINUX3)
add_subdirectory("products/alinux3" "alinux3")
endif()
@@ -32,10 +32,10 @@ index a31014247..378b66c5a 100644
if(SSG_PRODUCT_ANOLIS8)
add_subdirectory("products/anolis8" "anolis8")
diff --git a/build_product b/build_product
-index 90b25237e..4e4ffe3d9 100755
+index 76e3d3a69..57ae1b1a1 100755
--- a/build_product
+++ b/build_product
-@@ -364,7 +364,7 @@ all_cmake_products=(
+@@ -330,7 +330,7 @@ all_cmake_products=(
AL2023
ALINUX2
ALINUX3
@@ -43,248 +43,216 @@ index 90b25237e..4e4ffe3d9 100755
+ ALMALINUX10
ANOLIS23
ANOLIS8
- CHROMIUM
+ DEBIAN11
diff --git a/controls/anssi.yml b/controls/anssi.yml
-index 86b84a044..2d04a7814 100644
+index 43258e5de..705a8284d 100644
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
-@@ -806,10 +806,8 @@ controls:
- ANSSI doesn't specify the length of the inactivity period, we are choosing 10 minutes as reasonable number.
- status: automated
- rules:
-- {{% if "rhel" in product or "ol" in families %}}
- - logind_session_timeout
- - var_logind_session_timeout=10_minutes
-- {{% endif %}}
- - accounts_tmout
- - var_accounts_tmout=10_min
+@@ -1254,7 +1254,7 @@ controls:
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_local_packages
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_oracle_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
-@@ -1246,7 +1244,7 @@ controls:
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_globally_activated
- - ensure_gpgcheck_local_packages
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_oracle_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
-
-@@ -1298,10 +1296,6 @@ controls:
- - package_rsh_removed
- - package_rsh-server_removed
- - package_sendmail_removed
-- {{%- if "rhel" not in product %}}
-- - package_talk_removed
-- - package_talk-server_removed
-- {{%- endif %}}
- - package_telnet_removed
- - package_telnet-server_removed
- - package_tftp_removed
diff --git a/controls/cis_almalinux9.yml b/controls/cis_almalinux9.yml
-index 4591f52c6..670d0b14f 100644
+index 0b8a8ecaf..963d5df62 100644
--- a/controls/cis_almalinux9.yml
+++ b/controls/cis_almalinux9.yml
-@@ -360,7 +360,7 @@ controls:
- - l1_workstation
- status: manual
- related_rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
+@@ -363,7 +363,7 @@ controls:
+ - l1_workstation
+ status: manual
+ related_rules:
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
- - id: 1.2.1.2
- title: Ensure gpgcheck is globally activated (Automated)
+ - id: 1.2.1.2
+ title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml
-index 8a3fd6b86..e1a46a905 100644
+index 6e9f1a526..f2fb754fa 100644
--- a/controls/cis_rhel10.yml
+++ b/controls/cis_rhel10.yml
-@@ -303,7 +303,7 @@ controls:
- - l1_workstation
- status: manual
- related_rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
+@@ -368,7 +368,7 @@ controls:
+ - l1_workstation
+ status: manual
+ related_rules:
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
- - id: 1.2.1.2
- title: Ensure gpgcheck is globally activated (Automated)
+ - id: 1.2.1.2
+ title: Ensure gpgcheck is configured (Automated)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
-index 05152b5b8..fa73354e0 100644
+index a5b889cd5..5c9c9af89 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
-@@ -353,7 +353,7 @@ controls:
- - l1_workstation
- status: manual
- related_rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
+@@ -356,7 +356,7 @@ controls:
+ - l1_workstation
+ status: manual
+ related_rules:
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
- - id: 1.2.2
- title: Ensure gpgcheck is globally activated (Automated)
-diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
-index 017acb8d4..d97bb7c0b 100644
---- a/controls/cis_rhel9.yml
-+++ b/controls/cis_rhel9.yml
-@@ -360,7 +360,7 @@ controls:
- - l1_workstation
- status: manual
- related_rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
-
- - id: 1.2.1.2
- title: Ensure gpgcheck is globally activated (Automated)
+ - id: 1.2.2
+ title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/e8.yml b/controls/e8.yml
-index dac6a8c85..640cd37c0 100644
+index eecf857ad..4000844eb 100644
--- a/controls/e8.yml
+++ b/controls/e8.yml
@@ -24,7 +24,7 @@ controls:
- - service_avahi-daemon_disabled
- - package_squid_removed
- - service_squid_disabled
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_globally_activated
+ - service_avahi-daemon_disabled
+ - package_squid_removed
+ - service_squid_disabled
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_globally_activated
diff --git a/controls/hipaa.yml b/controls/hipaa.yml
-index 27895b700..a34683373 100644
+index 0f5470740..f0b1b567a 100644
--- a/controls/hipaa.yml
+++ b/controls/hipaa.yml
-@@ -167,7 +167,7 @@ controls:
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_repo_metadata
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- status: automated
+@@ -170,7 +170,7 @@ controls:
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_repo_metadata
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ status: automated
@@ -1388,7 +1388,7 @@ controls:
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_repo_metadata
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_repo_metadata
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ status: automated
@@ -1419,7 +1419,7 @@ controls:
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_repo_metadata
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_repo_metadata
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ status: automated
@@ -1439,7 +1439,7 @@ controls:
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_repo_metadata
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_repo_metadata
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ status: automated
@@ -1720,7 +1720,7 @@ controls:
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
- - ensure_gpgcheck_repo_metadata
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_repo_metadata
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ status: automated
+diff --git a/controls/ism_o.yml b/controls/ism_o.yml
+index f697010f5..c3f5e7bd9 100644
+--- a/controls/ism_o.yml
++++ b/controls/ism_o.yml
+@@ -603,7 +603,7 @@ controls:
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - dnf-automatic_security_updates_only
+ status: automated
+
diff --git a/controls/ospp.yml b/controls/ospp.yml
-index 505f7b2a7..e67bf76d1 100644
+index d3f59d9a2..5c5bbc813 100644
--- a/controls/ospp.yml
+++ b/controls/ospp.yml
@@ -447,7 +447,7 @@ controls:
- - ensure_gpgcheck_globally_activated
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ status: automated
- - id: FPT_TUD_EXT.2
+ - id: FPT_TUD_EXT.2
@@ -461,7 +461,7 @@ controls:
- - ensure_gpgcheck_globally_activated
- - ensure_gpgcheck_local_packages
- - ensure_gpgcheck_never_disabled
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- status: automated
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ status: automated
- - id: FPT_TST_EXT.1
+ - id: FPT_TST_EXT.1
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
-index 1bdd27a73..111e3a773 100644
+index 087341f71..3243d6f5a 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -1555,7 +1555,7 @@ controls:
- - base
- status: automated
+ - base
+ status: automated
+ rules:
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ - ensure_suse_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_globally_activated
+diff --git a/controls/stig_rhel8.yml b/controls/stig_rhel8.yml
+index 6bd332f68..41f580913 100644
+--- a/controls/stig_rhel8.yml
++++ b/controls/stig_rhel8.yml
+@@ -3172,7 +3172,7 @@ controls:
+ - medium
+ title: RHEL 8 must ensure cryptographic verification of vendor software packages.
rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- - ensure_suse_gpgkey_installed
- - ensure_almalinux_gpgkey_installed
- - ensure_gpgcheck_globally_activated
-diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
-index f66299e6f..5448dee70 100644
---- a/controls/stig_rhel9.yml
-+++ b/controls/stig_rhel9.yml
-@@ -382,7 +382,7 @@ controls:
- - medium
- title: RHEL 9 must ensure cryptographic verification of vendor software packages.
- rules:
-- - ensure_redhat_gpgkey_installed
-+ - ensure_almalinux_gpgkey_installed
- status: automated
+- - ensure_redhat_gpgkey_installed
++ - ensure_almalinux_gpgkey_installed
+ status: automated
- - id: RHEL-09-214015
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
-index bdf3015c4..658327033 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- apiVersion: machineconfiguration.openshift.io/v1
- kind: MachineConfig
- spec:
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
-index 7c8e520c1..e5c1d9d93 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- apiVersion: machineconfiguration.openshift.io/v1
- kind: MachineConfig
- spec:
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
-index 639d76a21..7f4d463d6 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- apiVersion: machineconfiguration.openshift.io/v1
- kind: MachineConfig
- spec:
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
-index 083a612a0..3228b89b7 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
-@@ -1,5 +1,5 @@
- ---
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
- apiVersion: machineconfiguration.openshift.io/v1
- kind: MachineConfig
- spec:
+ - id: RHEL-08-010358
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+index abea2ac97..c93261cf7 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+@@ -78,6 +78,6 @@ template:
+ - chmod
+ - fchmod
+ - fchmodat
+-{{% if product in ["fedora", "rhel10"] %}}
++{{% if product in ["fedora", "rhel10", "almalinux10"] %}}
+ - fchmodat2
+ {{% endif %}}
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/group.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/group.yml
+index 19a1240d1..1bf770ae2 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/group.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/group.yml
+@@ -11,7 +11,7 @@ description: |-
+ still achieving the desired effect. An example of this is that the "-S" calls
+ could be split up and placed on separate lines, however, this is less efficient.
+ Add the following to /etc/audit/audit.rules :
+-{{% if product in ["fedora", "rhel10"] %}}
++{{% if product in ["fedora", "rhel10", "almalinux10"] %}}
+ -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat,fchmodat2 -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+ {{% else %}}
+ -a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+@@ -20,7 +20,7 @@ description: |-
+ -a always,exit -F arch=b32 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+ If your system is 64 bit then these lines should be duplicated and the
+ arch=b32 replaced with arch=b64 as follows:
+-{{% if product in ["fedora", "rhel10"] %}}
++{{% if product in ["fedora", "rhel10", "almalinux10"] %}}
+ -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat,fchmodat2 -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+ {{% else %}}
+ -a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
index 536e45f3a..6fc5182e2 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
@@ -559,7 +527,7 @@ index ee2c9ce79..cabf11a5b 100644
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
-index b6fd7bf89..ee7c90bfd 100644
+index 43e72845c..b16ac83f1 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
@@ -1,6 +1,6 @@
@@ -642,7 +610,7 @@ index 2dba37605..c9684121a 100644
./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
-index 6c114c13c..5c5f7185c 100644
+index f0ea21841..6f744d05b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -705,12 +673,12 @@ index 9c5b7d2eb..cae43ea29 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
-index d0626b7aa..71cc2ea03 100644
+index dd0efe72d..c3e8fc990 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+-# platform = multi_platform_rhel,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_debian
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
@@ -793,26 +761,26 @@ index 09d4e8ff5..6a8e8bdab 100644
groupadd group_test
diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
-index 6f19e15c6..b1d995c61 100644
+index 1343cfbf2..3241e6cdc 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
--# platform = multi_platform_rhel
-+# platform = multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_fedora
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
-index cf4b02b90..cd69f17c2 100644
+index d7c821524..f7fd9a307 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
--# platform = multi_platform_rhel
-+# platform = multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
@@ -1004,7 +972,7 @@ index 55f407e01..b9084af21 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml
-index b14a9d1ea..74f04b3a8 100644
+index 8ce3a4141..da31c4a6b 100644
--- a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml
@@ -28,7 +28,7 @@ severity: medium
@@ -1050,7 +1018,7 @@ index 413293083..3f8c50a39 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml
-index 07f1995d3..52c72adfa 100644
+index 31dacde7e..293270360 100644
--- a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml
@@ -27,7 +27,7 @@ severity: medium
@@ -1096,7 +1064,7 @@ index f62426900..bd3ddd10a 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml
-index 6e54357fb..b1663bbfc 100644
+index dff42045c..d2c25e1a3 100644
--- a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml
@@ -36,7 +36,7 @@ severity: medium
@@ -1131,7 +1099,7 @@ index 08c8dc855..e9277f263 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml
-index 8f2967b86..706785506 100644
+index 6dde3307f..5e762f9c3 100644
--- a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml
@@ -30,7 +30,7 @@ severity: medium
@@ -1155,7 +1123,7 @@ index dab3d0eaa..620596c44 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml
-index fd0c14485..522cd62c6 100644
+index f3d51b3fe..8c5506edf 100644
--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml
@@ -28,7 +28,7 @@ severity: medium
@@ -1201,7 +1169,7 @@ index bff04fe4c..a56d7f18f 100644
{{% set file_contents = """## Successful file delete
-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml
-index de80eee5e..e39913cf3 100644
+index 6f39f271c..43d97b760 100644
--- a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml
@@ -26,7 +26,7 @@ severity: medium
@@ -1258,7 +1226,7 @@ index 2d9279849..ec6477378 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml
-index b3c3f4df7..9c19a1ff9 100644
+index d7bd0b785..8946478a5 100644
--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml
@@ -36,7 +36,7 @@ severity: medium
@@ -1304,7 +1272,7 @@ index c6f796967..7a6e545c4 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml
-index eb6c21648..dfa82788f 100644
+index cc6712432..d3c76e38f 100644
--- a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml
@@ -31,7 +31,7 @@ severity: medium
@@ -1385,7 +1353,7 @@ index 96ee57492..09bfe412b 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
-index c40951368..a0c8c7f2c 100644
+index f9f327973..8683981c1 100644
--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml
@@ -149,7 +149,7 @@ severity: medium
@@ -1420,7 +1388,7 @@ index 23940aca3..8775144da 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml
-index da5675b52..2ee9f197f 100644
+index d9fbc3779..9ae1c9c1e 100644
--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml
@@ -28,7 +28,7 @@ severity: medium
@@ -1433,7 +1401,7 @@ index da5675b52..2ee9f197f 100644
- not aarch64_arch and not ppc64le_arch
{{% endif %}}
diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml
-index acad2197a..787a24e43 100644
+index 25c32a08b..ec96e52c4 100644
--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml
@@ -26,7 +26,7 @@ severity: medium
@@ -1446,7 +1414,7 @@ index acad2197a..787a24e43 100644
- not aarch64_arch and not ppc64le_arch
{{% endif %}}
diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml
-index c3dc80d3e..2cbe6ab54 100644
+index 97b8a1583..26cb9427a 100644
--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml
@@ -28,7 +28,7 @@ severity: medium
@@ -1459,7 +1427,7 @@ index c3dc80d3e..2cbe6ab54 100644
- not aarch64_arch and not ppc64le_arch
{{% endif %}}
diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml
-index b4d600325..b2e6f4f3c 100644
+index c95c2a0f4..e755f49a7 100644
--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml
+++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml
@@ -26,7 +26,7 @@ severity: medium
@@ -1481,7 +1449,7 @@ index 166a20b8e..1d95807b6 100644
kdump disable
service disable kdump
diff --git a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
-index 1e53d881f..a73066e7d 100644
+index 1e575a03c..1c27c61b2 100644
--- a/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
+++ b/linux_os/guide/services/cron_and_at/package_cron_installed/rule.yml
@@ -1,4 +1,4 @@
@@ -1491,7 +1459,7 @@ index 1e53d881f..a73066e7d 100644
{{% else %}}
{{% set package_name = "cron" %}}
diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
-index 7977cba9f..2eb30f0d2 100644
+index d54589c84..883befbc6 100644
--- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
+++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
@@ -1,4 +1,4 @@
@@ -1501,7 +1469,7 @@ index 7977cba9f..2eb30f0d2 100644
{{% else %}}
{{% set service_name = "cron" %}}
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
-index a0330236a..89efc61e4 100644
+index 59218a0ea..daba64fed 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -1511,7 +1479,7 @@ index a0330236a..89efc61e4 100644
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
-index 001ead7d6..1fc220d8a 100644
+index 43e16c187..b2af04b32 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
@@ -1,4 +1,4 @@
@@ -1625,8 +1593,21 @@ index c435df983..b80ffbf7b 100644
# reboot = true
# strategy = restrict
# complexity = low
+diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+index aabc4380f..d41090da7 100644
+--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+@@ -45,7 +45,7 @@ warnings:
+ Consequently, the rngd service can't be started in FIPS mode.
+ {{% endif %}}
+
+-{{% if product in ["fedora", "ol9", "ol10", "rhel9", "rhel10"] %}}
++{{% if product in ["fedora", "ol9", "ol10", "rhel9", "rhel10", "almalinux10"] %}}
+ platform: not runtime_kernel_fips_enabled
+ warnings:
+ - general: |-
diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
-index a66068605..f25b95045 100644
+index a10c4daa1..bfb3121f4 100644
--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -1646,7 +1627,7 @@ index 9e1f01f53..d7d4c2651 100644
#By Luke "Brisk-OH" Brisk
#luke.brisk@boeing.com or luke.brisk@gmail.com
diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
-index ca07eef0e..9a56d0833 100644
+index 2ea6b4821..e9398b913 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -1666,7 +1647,7 @@ index c54b259d0..78a682cc8 100644
{{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
-index 5a97f74df..104b27f3f 100644
+index ecc0d0386..c89a8a845 100644
--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
@@ -1,5 +1,5 @@
@@ -1675,20 +1656,20 @@ index 5a97f74df..104b27f3f 100644
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
- spec:
+ metadata:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
-index 31c4683c8..b03ae1453 100644
+index ae9b6ceb6..a7e47b156 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ospp_ok.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10
-+# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10
+-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_fedora
# profiles = xccdf_org.ssgproject.content_profile_ospp
mkdir -p /etc/ssh/sshd_config.d
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
-index 261bbb8ff..b66ad7305 100644
+index aed45dc46..193d88a51 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
@@ -19,7 +19,7 @@ description: |-
@@ -1809,43 +1790,43 @@ index 456f06484..e6fb4c857 100644
SSSD_FILE="/etc/sssd/sssd.conf"
rm -f $SSSD_FILE
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
-index e0bdca6be..9ce5132f6 100644
+index 780c4d1a5..ccec13d45 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
--# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
-+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
systemctl set-default multi-user.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
-index 9ec0cae93..4487412e5 100644
+index fd3c4a48d..c79a3a43f 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
--# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
-+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
-index 3df966d45..25eb0ca24 100644
+index 5ffb26956..f1af96866 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
--# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
-+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
systemctl set-default graphical.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
-index d3da2f113..a90d73d4b 100644
+index 99a85d26d..33cdca2f3 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
--# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
-+# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
@@ -1860,97 +1841,293 @@ index c2feb1fbc..116c6cde5 100644
kind: MachineConfig
metadata:
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
-index 6a271415e..db0169ab1 100644
+index 1dd9f4512..4c8892f4a 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# profiles = xccdf_org.ssgproject.content_profile_ncp
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
-index 814770179..c8048d4c7 100644
+index 6ff96441a..6966391a2 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
-index 39efbc8ba..fd836684b 100644
+index 9969fcc6f..ac6e95eda 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
-index 7c4c9bb29..477057df2 100644
+index c316d7c8f..e942b3ef2 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_ol,multi_platform_rhel
-+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh
+index 7c7d4c073..51c6c97a8 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
-index 4abed18e2..609a92b7e 100644
+index e514c5aae..2e2be1afc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
authselect create-profile test_profile -b sssd
authselect select "custom/test_profile" --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
-index 077479b8a..7be653143 100644
+index 6cc976f24..fc1e0791c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
authselect create-profile test_profile -b sssd
authselect select "custom/test_profile" --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
-index 4abed18e2..609a92b7e 100644
+index e514c5aae..2e2be1afc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
authselect create-profile test_profile -b sssd
authselect select "custom/test_profile" --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
-index 077479b8a..7be653143 100644
+index 6cc976f24..fc1e0791c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
authselect create-profile test_profile -b sssd
authselect select "custom/test_profile" --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
+index dd32200e4..0d1592798 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
+index c4e304ec1..034f7839f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
+index 52e4f15c7..112c068ec 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+index 1296b6744..860edc03a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+index dfcaa146c..f18bdd223 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+index 5f4aa8251..fc8f8a9b4 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # remediation = none
+
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+index 24883ef0c..d32d71132 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
+index 694398e7b..37ca0263c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
+index d9040a495..1536f7f3e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/ansible/shared.yml
+index 8fb16daea..6ef0ceafe 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/bash/shared.sh
+index 1ef54f081..42270486d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/system-auth", "password", "required", "pam_pwhistory.so", "use_authtok") }}}
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/password-auth", "password", "required", "pam_pwhistory.so", "use_authtok") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_correct.pass.sh
+index a0ee8ece7..276673756 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_correct.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/system-auth", "password", "required", "pam_pwhistory.so", "use_authtok") }}}
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/password-auth", "password", "required", "pam_pwhistory.so", "use_authtok") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_wrong.fail.sh
+index c184a3062..baf8384ca 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_wrong.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_use_authtok/tests/rhel_wrong.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/system-auth", "password", "required", "pam_pwhistory.so", "remember") }}}
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/password-auth", "password", "required", "pam_pwhistory.so", "remember") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/ansible/shared.yml
+index c08e3b426..0cc45b355 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/bash/shared.sh
+index 9742fb75c..d3154fa77 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/system-auth", "password", "sufficient", "pam_unix.so", "use_authtok") }}}
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/password-auth", "password", "sufficient", "pam_unix.so", "use_authtok") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_correct.pass.sh
+index 52724ed73..276c3c6fc 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_correct.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/system-auth", "password", "sufficient", "pam_unix.so", "use_authtok") }}}
+ {{{ bash_ensure_pam_module_option("/etc/pam.d/password-auth", "password", "sufficient", "pam_unix.so", "use_authtok") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_wrong.fail.sh
+index c07b7d56a..fbee6a5e7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_wrong.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/rhel_wrong.fail.sh
+@@ -1,3 +1,3 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ sed -i 's/use_authtok/remember/' /etc/pam.d/system-auth /etc/pam.d/password-auth
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
index 2ba38d0ad..bdd471cdc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
@@ -1975,18 +2152,65 @@ index bcfa1a721..2cb77dd13 100644
source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+index eef841ce5..021894a32 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # remediation = none
+
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
-index 7a6fcb555..8dbcb0b0e 100644
+index aa36b3be2..d116e45b7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
pam_files=("password-auth" "system-auth")
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+index 1d4f1f91f..acaf1f6f3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,Oracle Linux 8
+ # remediation = none
+
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+index 8128a072f..c28980e01 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,Oracle Linux 8
+
+ authselect select sssd --force
+ authselect enable-feature with-faillock
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index ffdc55852..cf0858efd 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Oracle Linux 8,multi_platform_rhel
++# platform = multi_platform_fedora,Oracle Linux 9,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+
+ authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh
index e82ecb7f5..7386d3217 100644
--- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/tests/custom-package-removed.fail.sh
@@ -1998,63 +2222,113 @@ index e82ecb7f5..7386d3217 100644
# Package libpwquality cannot be uninstalled normally
# as it would cause removal of sudo package which is
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+index a13c434ec..a03d90c41 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+@@ -8,7 +8,7 @@ description: |-
+ Edit the password section in
+ /etc/pam.d/password-auth to show
+ password requisite pam_pwquality.so .
+- {{% if product in ["fedora", "rhel10"] %}}
++ {{% if product in ["fedora", "rhel10", "almalinux10"] %}}
+ The pam_pwquality module should be enabled using the authselect tool.
+ By default, authselect always configures pam_pwquality local_users_only as a part of local , sssd , and winbind profiles.
+ No additional authselect feature is needed to be enabled.
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+index 1dd65c3f4..aecb405b5 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+@@ -8,7 +8,7 @@ description: |-
+ Edit the password section in
+ /etc/pam.d/system-auth to show
+ password requisite pam_pwquality.so .
+- {{% if product in ["fedora", "rhel10"] %}}
++ {{% if product in ["fedora", "rhel10", "almalinux10"] %}}
+ The pam_pwquality module should be enabled using the authselect tool.
+ By default, authselect always configures pam_pwquality local_users_only as a part of local , sssd , and winbind profiles.
+ No additional authselect feature is needed to be enabled.
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
-index c61f9b6d5..e7cccaed5 100644
+index a151577a5..2f21c2359 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_password_pam_retry=3
+
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_conflicting_values.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_conflicting_values.fail.sh
+index 36ddc1d94..8ec3d927a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_conflicting_values.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_conflicting_values.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_retry=3
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
-index 601d32759..bc4453182 100644
+index d65976fa1..65914eaef 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_retry=3
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
-index e4f1de0cc..18be59047 100644
+index 39f98ec3f..06837bd37 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_password_pam_retry=3
+
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_duplicate_values.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_duplicate_values.pass.sh
+index d2a2dc2d0..026cc0501 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_duplicate_values.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_duplicate_values.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_retry=3
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
-index d70521e76..d24de47b6 100644
+index 2bd6c06a5..97a5f3e66 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_retry=3
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
-index dc7fe32d1..3313d5dea 100644
+index 459ae7843..86e7dec6d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
--# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
-+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_retry=3
source common.sh
@@ -2225,56 +2499,56 @@ index 517c83c6e..041e9a29c 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
-index f8c47e96a..d0aaabaf7 100644
+index ed94337e6..318ed9da3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
systemctl disable --now ctrl-alt-del.target
systemctl mask --now ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
-index 41eed9737..992dc2304 100644
+index 3e37419e8..029e44c9d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
--# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
-+# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
systemctl unmask ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
-index 19345cfcf..374e76ec6 100644
+index 31c41fba2..c1729abbc 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
rm -f /etc/systemd/system/emergency.service
mkdir -p /etc/systemd/system/emergency.service.d/
cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
-index da0d857f6..a7d75247c 100644
+index 8fb2960e0..57568d8cb 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
-+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
rm -f /etc/systemd/system/emergency.service
mkdir -p /etc/systemd/system/emergency.service.d/
cat << EOF > /etc/systemd/system/emergency.service.d/10-oscap.conf
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
-index 07b8e331a..850cd60d9 100644
+index c15034231..01fbc0695 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_fedora,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
rm -rf /etc/systemd/system/rescue.service.d
mkdir -p /etc/systemd/system/rescue.service.d
cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf
@@ -2290,13 +2564,13 @@ index f735f3270..027fbbe3d 100644
service_file="/usr/lib/systemd/system/rescue.service"
sulogin="/usr/lib/systemd/systemd-sulogin-shell"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
-index 4557b0512..043753f03 100644
+index 01701eefb..a3b846c14 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_fedora,multi_platform_rhel
-+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
rm -rf /etc/systemd/system/rescue.service.d
mkdir -p /etc/systemd/system/rescue.service.d
@@ -2321,7 +2595,7 @@ index f47326940..42d591752 100644
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
-index dc63eb653..dc6931307 100644
+index 6eb24c8ef..718f8cb2e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -2397,7 +2671,7 @@ index 6b2d6cd5e..c20712c9f 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
-index 08b89bf8f..cea27ab4d 100644
+index 2cbb501f6..27700c4b4 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -2437,34 +2711,70 @@ index 7bdb759f6..dd157f1e3 100644
# reboot = false
# strategy = restrict
# complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
-index ba82e5ddb..ddbac0bcf 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+index db6c94724..57535bb74 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # remediation = none
+
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+index c05d6d2c2..5b132cfb6 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+index c8ab00326..a6a41bb08 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_gid_0.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_gid_0.fail.sh
+index 5e2919e78..c22311899 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_gid_0.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_gid_0.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_rhel,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
- # Remediation doesn't fix the rule, only locks passwords
- # of non-root accounts with uid 0.
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# remediation = none
+
+ useradd --gid 0 root2
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
-index 987fb5d8b..8b5d81151 100644
+index 8469f530b..83ecdd81a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
-index df4c8338b..481ceb571 100644
+index ab0e591f1..605e5d2b0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian,multi_platform_fedora
{{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
@@ -2480,27 +2790,27 @@ index 8f87bf06e..6bed5ef5a 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
-index 9bbbb9585..766df9993 100644
+index 6d79f4e9d..b57b787a8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
-index cb7530b38..c33fd385c 100644
+index 35df572f9..548a5aee6 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
{{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
PAM_CONF=/etc/pam.d/su
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
-index d3798de62..19761e09d 100644
+index 4d08bb696..febed69bb 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -2510,7 +2820,7 @@ index d3798de62..19761e09d 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
-index da628bc5e..90f23cb90 100644
+index 12a861bb1..d16d24b51 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -2519,16 +2829,26 @@ index da628bc5e..90f23cb90 100644
# reboot = false
# strategy = restrict
# complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_bash_history/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/file_permission_user_bash_history/bash/shared.sh
+index ceac5e3ff..6b9ed3049 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_bash_history/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_bash_history/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
++# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
-index 7ea0f9bcf..c975769f8 100644
+index 663a3282c..07e271999 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/tests/invalid_username.fail.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# remediation = none
--# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,multi_platform_ubuntu,multi_platform_sle
-+# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu,multi_platform_sle
+-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,multi_platform_ubuntu,multi_platform_sle,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10,multi_platform_ubuntu,multi_platform_sle,multi_platform_fedora
. $SHARED/grub2.sh
@@ -2544,7 +2864,7 @@ index 892523fc4..9fbba1ccb 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml
-index 82b0d0651..e1c9ecdd5 100644
+index 907b69cc3..bc2426c0c 100644
--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml
+++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml
@@ -11,7 +11,7 @@
@@ -2566,7 +2886,7 @@ index 82b0d0651..e1c9ecdd5 100644
comment="look for logrotate.timer in multi-user.target.wants and timers.target.wants"
id="test_logrotate_enabled_systemd_target" version="1">
diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
-index 94cb0e893..d13183224 100644
+index 18d73bb72..231c48285 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
@@ -1,5 +1,5 @@
@@ -2862,28 +3182,213 @@ index 89d344c4f..1a926adaa 100644
# check-import = stdout
tbl_output=$(nft list tables | grep inet)
+diff --git a/linux_os/guide/system/network/network_nmcli_permissions/tests/missing_compat_package.fail.sh b/linux_os/guide/system/network/network_nmcli_permissions/tests/missing_compat_package.fail.sh
+index 2dc3f4431..24c971141 100644
+--- a/linux_os/guide/system/network/network_nmcli_permissions/tests/missing_compat_package.fail.sh
++++ b/linux_os/guide/system/network/network_nmcli_permissions/tests/missing_compat_package.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = polkit
+-# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10
++# platform = Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10,AlmaLinux OS 10
+ # This TS is a regression test for https://issues.redhat.com/browse/RHEL-87606
+ dnf remove -y --noautoremove polkit-pkla-compat
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/sce/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/sce/shared.sh
+index 0eee598bf..c3aa51320 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ {{{ find_directories(find_parameters="\( -perm -0002 -a ! -perm -1000 \)", fail_message="Found directories with writable sticky bits") }}}
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/sce/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/sce/shared.sh
+index facc0ad8d..f19540f78 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ {{{ find_directories(find_parameters="-perm -0002 -uid +"~uid_min, fail_message="Found world-writable directories that are not owned by a system account") }}}
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/sce/shared.sh b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/sce/shared.sh
+index a6fb2064a..4d8f7030f 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-perm -2000", fail_message="Found SGID executables that are unauthorized", skip_rpm_owned_files=True) }}}
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/sce/shared.sh b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/sce/shared.sh
+index d7bb76269..08156544b 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-perm -4000", fail_message="Found SUID executables that are unauthorized", skip_rpm_owned_files=True) }}}
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/sce/shared.sh b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/sce/shared.sh
+index bca90c8ba..4ed275284 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel,Ubuntu 24.04
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Ubuntu 24.04
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-perm -002", fail_message="Found world-writable files") }}}
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/tests/world_writable_tmp.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/tests/world_writable_tmp.fail.sh
+index c6b866ea6..392196483 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/tests/world_writable_tmp.fail.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/tests/world_writable_tmp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+
+ find / -xdev -type f -perm -002 -exec chmod o-w {} \;
+
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/sce/shared.sh b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/sce/shared.sh
+index 02e5cd08e..104d1371a 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel,Ubuntu 24.04
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Ubuntu 24.04
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-nogroup", fail_message="Found ungroupowned files", exclude_directories="sysroot") }}}
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/tests/unowned_file_tmp.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/tests/unowned_file_tmp.fail.sh
+index 44f6c84dd..b37b68810 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/tests/unowned_file_tmp.fail.sh
++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/tests/unowned_file_tmp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # remediation = none
+
+ mount tmpfs /tmp -t tmpfs
+diff --git a/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/sce/shared.sh b/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/sce/shared.sh
+index 12f46c0b1..cf3e7428c 100644
+--- a/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel,Ubuntu 24.04
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Ubuntu 24.04
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-nogroup", fail_message="Found ungroupowned files or directories", exclude_directories="sysroot") }}}
+diff --git a/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/tests/unowned_file_tmp.fail.sh b/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/tests/unowned_file_tmp.fail.sh
+index ef64cf6aa..2e5220217 100644
+--- a/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/tests/unowned_file_tmp.fail.sh
++++ b/linux_os/guide/system/permissions/files/no_files_or_dirs_ungroupowned/tests/unowned_file_tmp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # remediation = none
+
+ touch /tmp/test
+diff --git a/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/sce/shared.sh b/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/sce/shared.sh
+index 5c2dda5f9..68877027e 100644
+--- a/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-nouser", fail_message="Found unowned files or directories") }}}
+diff --git a/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/tests/unowned_file_tmp.fail.sh b/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/tests/unowned_file_tmp.fail.sh
+index c1d6cd0fb..78faa5993 100644
+--- a/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/tests/unowned_file_tmp.fail.sh
++++ b/linux_os/guide/system/permissions/files/no_files_or_dirs_unowned_by_user/tests/unowned_file_tmp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # remediation = none
+
+ touch /tmp/test
+diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/sce/shared.sh b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/sce/shared.sh
+index 982caa000..5fcb2cf41 100644
+--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/sce/shared.sh
++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+
+ {{{ find_files(find_parameters="-nouser", fail_message="Found unowned files") }}}
+diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/tests/unowned_file_tmp.fail.sh b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/tests/unowned_file_tmp.fail.sh
+index c1b6d3e79..8109c5d55 100644
+--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/tests/unowned_file_tmp.fail.sh
++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/tests/unowned_file_tmp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # remediation = none
+
+ mount tmpfs /tmp -t tmpfs
+diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
+index 29ec8f733..1e3d5130e 100644
+--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_slmicro,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_slmicro,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
+index 83c283c8c..188870908 100644
+--- a/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_important_account_files/file_etc_security_opasswd/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_slmicro,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_slmicro,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+
+ # Create /etc/security/opasswd if needed
+ # Owner group mode root.root 0600
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
-index af967f535..4847d0c3c 100644
+index 64c5cc680..8c4537502 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
-+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu,multi_platform_ol
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu,multi_platform_ol
for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
-index 1fd8fe347..5dc9e9538 100644
+index 651297f9e..7c4db56db 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
-+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu,multi_platform_ol
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu,multi_platform_ol
groupadd group_test
- for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
+ {{% if 'ol8' in product or 'rhel' in product %}}
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
index b0d594003..4a71eccda 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
@@ -2983,7 +3488,7 @@ index 88c683445..fa9b2020d 100644
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
-index a94218c1b..95b2046e0 100644
+index a15c44348..9ed957ad9 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -12,7 +12,7 @@ rationale: |-
@@ -3128,12 +3633,12 @@ index 9558acad7..52cc0a789 100644
# Package libselinux cannot be uninstalled normally
# as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
-index 24223598f..5503047c7 100644
+index a028877c1..fd4e433c1 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -4,7 +4,7 @@
The operating system installed on the system is supported by a vendor that provides security patches.
- ") }}}
+ ", rule_title=rule_title) }}}
-
+- {{% if product in ["ol9","rhel9","rhel10","fedora"] -%}}
++ {{% if product in ["ol9","rhel9","rhel10", "almalinux10","fedora"] -%}}
+ ^FIPS(:(OSPP|STIG))?$
+ {{%- else %}}
+ {{# Legacy and more relaxed list of crypto policies that were historically considered
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/sce/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/sce/shared.sh
+index df1317b6b..b3c62cf8c 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/sce/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ readarray -t FILES_WITH_INCORRECT_HASHES < <(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/sce/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/sce/shared.sh
+index 30e53fd4c..88bbc9f5a 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/sce/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ readarray -t FILES_WITH_INCORRECT_OWNERSHIP < <(rpm -Va --nofiledigest | awk '{ if (substr($0,6,1)=="U" || substr($0,7,1)=="G") print $NF }')
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/sce/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/sce/shared.sh
+index a2cee384f..5c01dd1d6 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/sce/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/usr/bin/env bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # check-import = stdout
+
+ readarray -t FILES_WITH_INCORRECT_PERMS < <(rpm -Va --nofiledigest | awk '{ if (substr($0,2,1)=="M") print $NF }')
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh
index f8b112e1a..33a266be6 100644
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/tests/custom-package-removed.fail.sh
@@ -3273,7 +3868,7 @@ index 1c68a6ec3..fa8f50b84 100644
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
-index af72a7d18..8f5a02c51 100644
+index 015c5b029..508241c9f 100644
--- a/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/enable_gpgcheck_for_all_repositories/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -3639,10 +4234,11 @@ index 000000000..a428a42ec
+rsyslog_cafile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
diff --git a/products/almalinux10/profiles/anssi_bp28_enhanced.profile b/products/almalinux10/profiles/anssi_bp28_enhanced.profile
new file mode 100644
-index 000000000..1a013f1de
+index 000000000..bf0acb490
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_enhanced.profile
-@@ -0,0 +1,87 @@
+@@ -0,0 +1,92 @@
++---
+documentation_complete: true
+
+metadata:
@@ -3668,6 +4264,7 @@ index 000000000..1a013f1de
+selections:
+ - anssi:all:enhanced
+ - var_password_hashing_algorithm_pam=yescrypt
++ - var_authselect_profile=local
+ # Following rules are incompatible with rhel10 product
+ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
@@ -3730,12 +4327,16 @@ index 000000000..1a013f1de
+ - '!sssd_ldap_start_tls'
+ # These rules are no longer relevant
+ - '!prefer_64bit_os'
++ - '!ldap_client_tls_cacertpath'
++ - '!no_nis_in_nsswitch'
++ - '!ldap_client_start_tls'
diff --git a/products/almalinux10/profiles/anssi_bp28_high.profile b/products/almalinux10/profiles/anssi_bp28_high.profile
new file mode 100644
-index 000000000..d769a2284
+index 000000000..1f17eaa75
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_high.profile
-@@ -0,0 +1,99 @@
+@@ -0,0 +1,104 @@
++---
+documentation_complete: true
+
+metadata:
@@ -3761,6 +4362,7 @@ index 000000000..d769a2284
+selections:
+ - anssi:all:high
+ - var_password_hashing_algorithm_pam=yescrypt
++ - var_authselect_profile=local
+ # the following rule renders UEFI systems unbootable
+ - '!sebool_secure_mode_insmod'
+ # Following rules are incompatible with rhel10 product
@@ -3835,12 +4437,16 @@ index 000000000..d769a2284
+ - '!kernel_config_refcount_full'
+ - '!kernel_config_retpoline'
+ - '!kernel_config_security_writable_hooks'
++ - '!ldap_client_tls_cacertpath'
++ - '!no_nis_in_nsswitch'
++ - '!ldap_client_start_tls'
diff --git a/products/almalinux10/profiles/anssi_bp28_intermediary.profile b/products/almalinux10/profiles/anssi_bp28_intermediary.profile
new file mode 100644
-index 000000000..11a10d1e0
+index 000000000..4349399a5
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_intermediary.profile
-@@ -0,0 +1,62 @@
+@@ -0,0 +1,67 @@
++---
+documentation_complete: true
+
+metadata:
@@ -3865,7 +4471,9 @@ index 000000000..11a10d1e0
+
+selections:
+ - anssi:all:intermediary
++ - '!ldap_client_tls_cacertpath'
+ - var_password_hashing_algorithm_pam=yescrypt
++ - var_authselect_profile=local
+ # Following rules are incompatible with rhel10 product
+ - '!enable_authselect'
+ # tally2 is deprecated, replaced by faillock
@@ -3903,12 +4511,15 @@ index 000000000..11a10d1e0
+ - '!sssd_ldap_start_tls'
+ # RHEL 10 unified the paths for grub2 files. This rule is selected in control file by R5.
+ - '!grub2_uefi_password'
++ - '!no_nis_in_nsswitch'
++ - '!ldap_client_start_tls'
diff --git a/products/almalinux10/profiles/anssi_bp28_minimal.profile b/products/almalinux10/profiles/anssi_bp28_minimal.profile
new file mode 100644
-index 000000000..5833a0cce
+index 000000000..6d6492592
--- /dev/null
+++ b/products/almalinux10/profiles/anssi_bp28_minimal.profile
-@@ -0,0 +1,54 @@
+@@ -0,0 +1,59 @@
++---
+documentation_complete: true
+
+metadata:
@@ -3934,8 +4545,11 @@ index 000000000..5833a0cce
+selections:
+ - anssi:all:minimal
+ - var_password_hashing_algorithm_pam=yescrypt
++ - var_authselect_profile=local
+ # Following rules are incompatible with rhel10 product
+ - '!enable_authselect'
++ - '!ldap_client_tls_cacertpath'
++ - '!ldap_client_start_tls'
+ # tally2 is deprecated, replaced by faillock
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
@@ -3963,104 +4577,134 @@ index 000000000..5833a0cce
+ - '!package_ypserv_removed'
+ # these rules are failing when they are remediated with Ansible, removing then temporarily until they are fixed
+ - '!accounts_password_pam_retry'
++ - '!no_nis_in_nsswitch'
diff --git a/products/almalinux10/profiles/cis.profile b/products/almalinux10/profiles/cis.profile
new file mode 100644
-index 000000000..32ccfff1f
+index 000000000..fe74c9b09
--- /dev/null
+++ b/products/almalinux10/profiles/cis.profile
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,24 @@
++---
+documentation_complete: true
+
+metadata:
++ version: 1.0.0
+ SMEs:
-+ - marcusburghardt
++ - mab879
++ - ggbecker
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
-+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Server'
++title: 'CIS AlmaLinux OS 10 Benchmark for Level 2 - Server'
+
+description: |-
-+ This is a draft profile for experimental purposes.
-+ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet
-+ exist at time of the release.
++ This profile defines a baseline that aligns to the "Level 2 - Server"
++ configuration from the Center for Internet Security®
++ AlmaLinux OS 10 Benchmark™, v1.0.0, released 2025-09-30.
++
++ This profile includes Center for Internet Security®
++ AlmaLinux OS 10 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel10:all:l2_server
++ - var_authselect_profile=local
diff --git a/products/almalinux10/profiles/cis_server_l1.profile b/products/almalinux10/profiles/cis_server_l1.profile
new file mode 100644
-index 000000000..d43ea6ea1
+index 000000000..c6aaf4e56
--- /dev/null
+++ b/products/almalinux10/profiles/cis_server_l1.profile
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,24 @@
++---
+documentation_complete: true
+
+metadata:
++ version: 1.0.0
+ SMEs:
-+ - marcusburghardt
++ - mab879
++ - ggbecker
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
-+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Server'
++title: 'CIS AlmaLinux OS 10 Benchmark for Level 1 - Server'
+
+description: |-
-+ This is a draft profile for experimental purposes.
-+ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet
-+ exist at time of the release.
++ This profile defines a baseline that aligns to the "Level 1 - Server"
++ configuration from the Center for Internet Security®
++ AlmaLinux OS 10 Benchmark™, v1.0.0, released 2025-09-30.
++
++ This profile includes Center for Internet Security®
++ AlmaLinux OS 10 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel10:all:l1_server
++ - var_authselect_profile=local
diff --git a/products/almalinux10/profiles/cis_workstation_l1.profile b/products/almalinux10/profiles/cis_workstation_l1.profile
new file mode 100644
-index 000000000..27096ea00
+index 000000000..c5975053e
--- /dev/null
+++ b/products/almalinux10/profiles/cis_workstation_l1.profile
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,24 @@
++---
+documentation_complete: true
+
+metadata:
++ version: 1.0.0
+ SMEs:
-+ - marcusburghardt
++ - mab879
++ - ggbecker
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
-+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 1 - Workstation'
++title: 'CIS AlmaLinux OS 10 Benchmark for Level 1 - Workstation'
+
+description: |-
-+ This is a draft profile for experimental purposes.
-+ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet
-+ exist at time of the release.
++ This profile defines a baseline that aligns to the "Level 1 - Workstation"
++ configuration from the Center for Internet Security®
++ AlmaLinux OS 10 Benchmark™, v1.0.0, released 2025-09-30.
++
++ This profile includes Center for Internet Security®
++ AlmaLinux OS 10 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel10:all:l1_workstation
++ - var_authselect_profile=local
diff --git a/products/almalinux10/profiles/cis_workstation_l2.profile b/products/almalinux10/profiles/cis_workstation_l2.profile
new file mode 100644
-index 000000000..7d905f749
+index 000000000..c57f752a2
--- /dev/null
+++ b/products/almalinux10/profiles/cis_workstation_l2.profile
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,24 @@
++---
+documentation_complete: true
+
+metadata:
++ version: 1.0.0
+ SMEs:
-+ - marcusburghardt
++ - mab879
++ - ggbecker
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
-+title: 'DRAFT - CIS AlmaLinux OS 10 Benchmark for Level 2 - Workstation'
++title: 'CIS AlmaLinux OS 10 Benchmark for Level 2 - Workstation'
+
+description: |-
-+ This is a draft profile for experimental purposes.
-+ It is based on the CIS AlmaLinux OS 9 profile, because an equivalent policy for AlmaLinux OS 10 didn't yet
-+ exist at time of the release.
++ This profile defines a baseline that aligns to the "Level 2 - Workstation"
++ configuration from the Center for Internet Security®
++ AlmaLinux OS 10 Benchmark™, v1.0.0, released 2025-09-30.
++
++ This profile includes Center for Internet Security®
++ AlmaLinux OS 10 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel10:all:l2_workstation
++ - var_authselect_profile=local
diff --git a/products/almalinux10/profiles/default.profile b/products/almalinux10/profiles/default.profile
new file mode 100644
-index 000000000..1616e1bbe
+index 000000000..7f41b29a6
--- /dev/null
+++ b/products/almalinux10/profiles/default.profile
-@@ -0,0 +1,33 @@
+@@ -0,0 +1,45 @@
++---
+documentation_complete: true
+
+hidden: true
@@ -4068,38 +4712,50 @@ index 000000000..1616e1bbe
+title: Default Profile for AlmaLinux OS 10
+
+description: |-
-+ This profile contains all the rules that once belonged to the rhel10
-+ product. This profile won't be rendered into an XCCDF Profile entity,
-+ nor it will select any of these rules by default. The only purpose of
-+ this profile is to keep a rule in the product's XCCDF Benchmark.
++ This profile contains all the rules that once belonged to the rhel10
++ product. This profile won't be rendered into an XCCDF Profile entity,
++ nor it will select any of these rules by default. The only purpose of
++ this profile is to keep a rule in the product's XCCDF Benchmark.
+
+selections:
-+ - grub2_nousb_argument
-+ - audit_rules_kernel_module_loading_create
-+ - grub2_uefi_admin_username
-+ - grub2_uefi_password
-+ - no_tmux_in_shells
-+ - package_tmux_installed
-+ - configure_tmux_lock_after_time
-+ - configure_tmux_lock_command
-+ - configure_tmux_lock_keybinding
-+ - audit_rules_session_events
-+ - enable_authselect
-+ - audit_rules_login_events
-+ - audit_rules_unsuccessful_file_modification
-+ - configure_openssl_tls_crypto_policy
-+ - audit_rules_privileged_commands_pt_chown
-+ - package_iprutils_removed
-+ - service_rlogin_disabled
-+ - service_rsh_disabled
-+ - service_rexec_disabled
-+ - package_scap-security-guide_installed
++ - grub2_nousb_argument
++ - audit_rules_kernel_module_loading_create
++ - grub2_uefi_admin_username
++ - grub2_uefi_password
++ - no_tmux_in_shells
++ - package_tmux_installed
++ - configure_tmux_lock_after_time
++ - configure_tmux_lock_command
++ - configure_tmux_lock_keybinding
++ - audit_rules_session_events
++ - enable_authselect
++ - audit_rules_login_events
++ - audit_rules_unsuccessful_file_modification
++ - configure_openssl_tls_crypto_policy
++ - audit_rules_privileged_commands_pt_chown
++ - package_iprutils_removed
++ - service_rlogin_disabled
++ - service_rsh_disabled
++ - service_rexec_disabled
++ - package_scap-security-guide_installed
++ - set_password_hashing_yescrypt_cost_factor_logindefs
++ - var_authselect_profile=local
++ - audit_rules_networkconfig_modification_network_scripts
++ - package_pam_pwquality_installed
++ - journald_compress
++ - socket_systemd-journal-remote_disabled
++ - package_systemd-journal-remote_installed
++ - journald_storage
++ - partition_for_dev_shm
++ - file_etc_security_opasswd
++ - sshd_use_strong_macs
diff --git a/products/almalinux10/profiles/e8.profile b/products/almalinux10/profiles/e8.profile
new file mode 100644
-index 000000000..e70330c0d
+index 000000000..2f2c957a8
--- /dev/null
+++ b/products/almalinux10/profiles/e8.profile
-@@ -0,0 +1,39 @@
+@@ -0,0 +1,40 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4141,10 +4797,11 @@ index 000000000..e70330c0d
+ - '!security_patches_up_to_date'
diff --git a/products/almalinux10/profiles/hipaa.profile b/products/almalinux10/profiles/hipaa.profile
new file mode 100644
-index 000000000..ee39fc73f
+index 000000000..344dcad9e
--- /dev/null
+++ b/products/almalinux10/profiles/hipaa.profile
-@@ -0,0 +1,68 @@
+@@ -0,0 +1,69 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4215,10 +4872,11 @@ index 000000000..ee39fc73f
+ - '!service_rexec_disabled'
diff --git a/products/almalinux10/profiles/ism_o.profile b/products/almalinux10/profiles/ism_o.profile
new file mode 100644
-index 000000000..9021df832
+index 000000000..622f68ef1
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o.profile
-@@ -0,0 +1,50 @@
+@@ -0,0 +1,62 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4249,6 +4907,7 @@ index 000000000..9021df832
+
+selections:
+ - ism_o:all:base
++
+ # these rules do not work properly on RHEL 10 for now
+ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
@@ -4269,12 +4928,23 @@ index 000000000..9021df832
+ # This rule is not applicable for RHEL 10
+ - '!force_opensc_card_drivers'
+ - '!service_chronyd_or_ntpd_enabled'
++ - '!accounts_password_all_shadowed'
++ - '!usbguard_allow_hid_and_hub'
++ - '!sshd_allow_only_protocol2'
++ - '!security_patches_up_to_date'
++ - '!rpm_verify_ownership'
++ - '!rpm_verify_permissions'
++ - '!package_rear_installed'
++ - '!package_ypbind_removed'
++ - '!package_xinetd_removed'
++ - '!service_xinetd_disabled'
diff --git a/products/almalinux10/profiles/ism_o_secret.profile b/products/almalinux10/profiles/ism_o_secret.profile
new file mode 100644
-index 000000000..a1ea6e884
+index 000000000..d3ac3fab1
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o_secret.profile
-@@ -0,0 +1,52 @@
+@@ -0,0 +1,64 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4307,6 +4977,7 @@ index 000000000..a1ea6e884
+
+selections:
+ - ism_o:all:secret
++
+ # these rules do not work properly on RHEL 10 for now
+ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
@@ -4327,12 +4998,23 @@ index 000000000..a1ea6e884
+ # This rule is not applicable for RHEL 10
+ - '!force_opensc_card_drivers'
+ - '!service_chronyd_or_ntpd_enabled'
++ - '!accounts_password_all_shadowed'
++ - '!usbguard_allow_hid_and_hub'
++ - '!sshd_allow_only_protocol2'
++ - '!security_patches_up_to_date'
++ - '!rpm_verify_ownership'
++ - '!rpm_verify_permissions'
++ - '!package_rear_installed'
++ - '!package_ypbind_removed'
++ - '!package_xinetd_removed'
++ - '!service_xinetd_disabled'
diff --git a/products/almalinux10/profiles/ism_o_top_secret.profile b/products/almalinux10/profiles/ism_o_top_secret.profile
new file mode 100644
-index 000000000..8c77e37d9
+index 000000000..d9c30b919
--- /dev/null
+++ b/products/almalinux10/profiles/ism_o_top_secret.profile
-@@ -0,0 +1,50 @@
+@@ -0,0 +1,62 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4363,6 +5045,7 @@ index 000000000..8c77e37d9
+
+selections:
+ - ism_o:all:top_secret
++
+ # these rules do not work properly on RHEL 10 for now
+ - '!enable_authselect'
+ - '!enable_dracut_fips_module'
@@ -4383,12 +5066,23 @@ index 000000000..8c77e37d9
+ # This rule is not applicable for RHEL 10
+ - '!force_opensc_card_drivers'
+ - '!service_chronyd_or_ntpd_enabled'
++ - '!accounts_password_all_shadowed'
++ - '!usbguard_allow_hid_and_hub'
++ - '!sshd_allow_only_protocol2'
++ - '!security_patches_up_to_date'
++ - '!rpm_verify_ownership'
++ - '!rpm_verify_permissions'
++ - '!package_rear_installed'
++ - '!package_ypbind_removed'
++ - '!package_xinetd_removed'
++ - '!service_xinetd_disabled'
diff --git a/products/almalinux10/profiles/ospp.profile b/products/almalinux10/profiles/ospp.profile
new file mode 100644
-index 000000000..fce0fd011
+index 000000000..d3b46bc35
--- /dev/null
+++ b/products/almalinux10/profiles/ospp.profile
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,30 @@
++---
+documentation_complete: true
+hidden: true
+
@@ -4406,24 +5100,25 @@ index 000000000..fce0fd011
+ This is draft profile is based on the Red Hat Enterprise Linux 9 Common Criteria Guidance as
+ guidance for Red Hat Enterprise Linux 10 was not available at the time of release.
+
-+
+ Where appropriate, CNSSI 1253 or DoD-specific values are used for
+ configuration, based on Configuration Annex to the OSPP.
+
+selections:
+ - ospp:all
++ - var_authselect_profile=local
++
+ - '!package_screen_installed'
+ - '!package_dnf-plugin-subscription-manager_installed'
+ - '!package_scap-security-guide_installed'
+ # Currently not working RHEL 10, changes are being made to FIPS mode. Investigation is recommended.
+ - '!enable_dracut_fips_module'
-+ - '!enable_authselect'
diff --git a/products/almalinux10/profiles/pci-dss.profile b/products/almalinux10/profiles/pci-dss.profile
new file mode 100644
-index 000000000..b7a8eba3e
+index 000000000..3bdb6a93f
--- /dev/null
+++ b/products/almalinux10/profiles/pci-dss.profile
-@@ -0,0 +1,85 @@
+@@ -0,0 +1,86 @@
++---
+documentation_complete: true
+
+metadata:
@@ -4511,18 +5206,18 @@ index 000000000..b7a8eba3e
+ - '!kernel_module_dccp_disabled'
diff --git a/products/almalinux10/profiles/stig.profile b/products/almalinux10/profiles/stig.profile
new file mode 100644
-index 000000000..68cfac18e
+index 000000000..3c1b0ee2b
--- /dev/null
+++ b/products/almalinux10/profiles/stig.profile
@@ -0,0 +1,25 @@
++---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - mab879
+
-+
-+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++reference: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+
+title: 'Red Hat STIG for Red Hat Enterprise Linux 10'
+
@@ -4542,23 +5237,23 @@ index 000000000..68cfac18e
+ - '!enable_dracut_fips_module'
diff --git a/products/almalinux10/profiles/stig_gui.profile b/products/almalinux10/profiles/stig_gui.profile
new file mode 100644
-index 000000000..a7d4a1877
+index 000000000..63b780ff5
--- /dev/null
+++ b/products/almalinux10/profiles/stig_gui.profile
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,46 @@
++---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - mab879
+
++reference: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+
-+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
-+
-+title: 'Red Hat STIG for Red Hat Enterprise Linux 10'
++title: 'Red Hat STIG with GUI for Red Hat Enterprise Linux 10'
+
+description: |-
-+ This is a profile based on what is expected in the RHEL 10 STIG.:
++ This is a profile based on what is expected in the RHEL 10 STIG.
+ It is not based on the DISA STIG for RHEL 10, because it was not available at time of
+ the release.
+
@@ -4566,6 +5261,12 @@ index 000000000..a7d4a1877
+ configuration baseline is applicable to the operating system tier of
+ Red Hat technologies that are based on Red Hat Enterprise Linux 10.
+
++ Warning: The installation and use of a Graphical User Interface (GUI)
++ increases your attack vector and decreases your overall security posture. If
++ your Information Systems Security Officer (ISSO) lacks a documented operational
++ requirement for a graphical user interface, please consider using the
++ standard DISA STIG for Red Hat Enterprise Linux 10 profile.
++
+extends: stig
+
+selections:
@@ -4647,12 +5348,12 @@ index 000000000..f156a6695
+
diff --git a/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt
new file mode 100644
-index 000000000..30419e92b
+index 000000000..9d8d3e5fa
--- /dev/null
+++ b/products/almalinux10/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,9 @@
+
-+
++
+
+multi_platform_almalinux
multi_platform_rhv
multi_platform_sle
- multi_platform_slmicro5
+ multi_platform_slmicro
diff --git a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml
index e83699662..1efabcf62 100644
--- a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml
@@ -4796,10 +5497,10 @@ index e83699662..1efabcf62 100644
set superusers="[someuniquestringhere]"
export superusers
-diff --git a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
-index 3071029bd..41db6bc3c 100644
---- a/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
-+++ b/shared/references/disa-stig-ol8-v2r4-xccdf-manual.xml
+diff --git a/shared/references/disa-stig-ol8-v2r5-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r5-xccdf-manual.xml
+index 1c9e7252b..2e2ca9e8f 100644
+--- a/shared/references/disa-stig-ol8-v2r5-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol8-v2r5-xccdf-manual.xml
@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
-
- CCI-000213
-- Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file.
-+ Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file.
-
- Generate an encrypted grub2 password for the grub superusers account with the following command:
-
-@@ -12636,8 +12636,8 @@ The "logind" service must be restarted for the changes to take effect. To restar
-
--
-
-
-@@ -20409,11 +20409,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi
-
-
--
-+
-
--
-+
-
-@@ -22349,12 +22349,12 @@ By limiting the number of attempts to meet the pwquality module complexity requi
- 1
-
-
-- /boot/efi/EFI/redhat/grub.cfg
-+ /boot/efi/EFI/almalinux/grub.cfg
- ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
- 1
-
-
-- /boot/efi/EFI/redhat/user.cfg
-+ /boot/efi/EFI/almalinux/user.cfg
- ^\s*GRUB2_PASSWORD=(\S+)\b
- 1
-
-diff --git a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-index bbc44024b..ef94e40fa 100644
---- a/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-+++ b/shared/references/disa-stig-rhel8-v2r2-xccdf-scap.xml
-@@ -3134,7 +3134,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
-
- CCI-000213
-- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
-+ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
-
- Generate an encrypted grub2 password for the grub superusers account with the following command:
-
-@@ -12106,8 +12106,8 @@ $ sudo systemctl restart systemd-logind
-
--
-
-
-@@ -19802,11 +19802,11 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
-
-
--
-+
-
--
-+
-
-@@ -21745,12 +21745,12 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
- 1
-
-
-- /boot/efi/EFI/redhat/grub.cfg
-+ /boot/efi/EFI/almalinux/grub.cfg
- ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
- 1
-
-
-- /boot/efi/EFI/redhat/user.cfg
-+ /boot/efi/EFI/almalinux/user.cfg
- ^\s*GRUB2_PASSWORD=(\S+)\b
- 1
-
-diff --git a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
-index 7fa5cfb17..4024119f2 100644
---- a/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
-+++ b/shared/references/disa-stig-rhel8-v2r3-xccdf-manual.xml
+diff --git a/shared/references/disa-stig-ol8-v2r5-xccdf-scap.xml b/shared/references/disa-stig-ol8-v2r5-xccdf-scap.xml
+index 3737b411a..c2f91b544 100644
+--- a/shared/references/disa-stig-ol8-v2r5-xccdf-scap.xml
++++ b/shared/references/disa-stig-ol8-v2r5-xccdf-scap.xml
+@@ -3378,7 +3378,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
+
+ CCI-000213
+- Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file.
++ Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file.
+
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+
+@@ -12588,8 +12588,8 @@ The "logind" service must be restarted for the changes to take effect. To restar
+
+-
+
+
+@@ -20282,11 +20282,11 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+
+
+-
++
+
+-
++
+
+@@ -22168,12 +22168,12 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+ 1
+
+
+- /boot/efi/EFI/redhat/grub.cfg
++ /boot/efi/EFI/almalinux/grub.cfg
+ ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
+ 1
+
+
+- /boot/efi/EFI/redhat/user.cfg
++ /boot/efi/EFI/almalinux/user.cfg
+ ^\s*GRUB2_PASSWORD=(\S+)\b
+ 1
+
+diff --git a/shared/references/disa-stig-rhel8-v2r4-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r4-xccdf-manual.xml
+index ea46d8343..ae0897b61 100644
+--- a/shared/references/disa-stig-rhel8-v2r4-xccdf-manual.xml
++++ b/shared/references/disa-stig-rhel8-v2r4-xccdf-manual.xml
@@ -370,7 +370,7 @@ SHA_CRYPT_MIN_ROUNDS 100000
+
+ CCI-000213
+- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+
+@@ -12049,8 +12049,8 @@ $ sudo systemctl restart systemd-logind
+
+-
+
+
+@@ -19662,11 +19662,11 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
+
+
+-
++
+
+-
++
+
+@@ -21551,12 +21551,12 @@ RHEL 8 uses "pwquality" as a mechanism to enforce password complexity. This is s
+ 1
+
+
+- /boot/efi/EFI/redhat/grub.cfg
++ /boot/efi/EFI/almalinux/grub.cfg
+ ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
+ 1
+
+
+- /boot/efi/EFI/redhat/user.cfg
++ /boot/efi/EFI/almalinux/user.cfg
+ ^\s*GRUB2_PASSWORD=(\S+)\b
+ 1
+
diff --git a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh b/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh
-index 8c002663d..c8d3ff1a4 100644
+index 17a1bd387..18b84aa2d 100644
--- a/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh
+++ b/shared/templates/accounts_password/tests/conflicting_values_directory.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# This test only applies to platforms that check the pwquality.conf.d directory
--# platform = Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_{{{ VARIABLE }}}={{{ TEST_VAR_VALUE }}}
truncate -s 0 /etc/security/pwquality.conf
diff --git a/shared/templates/accounts_password/tests/correct_value_directory.pass.sh b/shared/templates/accounts_password/tests/correct_value_directory.pass.sh
-index 689093008..c25c13332 100644
+index d10e78e8d..06a10a950 100644
--- a/shared/templates/accounts_password/tests/correct_value_directory.pass.sh
+++ b/shared/templates/accounts_password/tests/correct_value_directory.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# This test only applies to platforms that check the pwquality.conf.d directory
--# platform = Oracle Linux 8,multi_platform_rhel
-+# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
++# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
# variables = var_password_pam_{{{ VARIABLE }}}={{{ TEST_VAR_VALUE }}}
# This test will ensure that OVAL also checks the configuration in
+diff --git a/shared/templates/audit_rules_kernel_module_loading/tests/missing_auid_filter.fail.sh b/shared/templates/audit_rules_kernel_module_loading/tests/missing_auid_filter.fail.sh
+index a4415d213..7ba758438 100644
+--- a/shared/templates/audit_rules_kernel_module_loading/tests/missing_auid_filter.fail.sh
++++ b/shared/templates/audit_rules_kernel_module_loading/tests/missing_auid_filter.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_ubuntu
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = audit
+
+ rm -f /etc/audit/rules.d/*
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh
index deca23463..fb11356dc 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_arch.fail.sh
@@ -5032,7 +5744,7 @@ index c5051bcf7..846c0e661 100644
# strategy = restrict
# complexity = medium
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
-index 4cc696340..7dcfe8e61 100644
+index f36c7d8bc..c465a15a3 100644
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
@@ -1,6 +1,6 @@
@@ -5056,7 +5768,7 @@ index c6d5b6b1b..0557b2f03 100644
{{%- if ARG_VARIABLE %}}
# variables = {{{ ARG_VARIABLE }}}=correct_value
diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
-index b875737f2..9685f6abd 100644
+index 788f128b3..44fa8621e 100644
--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
@@ -1,6 +1,6 @@
@@ -5173,7 +5885,7 @@ index 99f5e33b9..a0b930444 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
-index 1e4ab26a7..88a935f88 100644
+index 805d70a75..75b375d26 100644
--- a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
+++ b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
@@ -5182,7 +5894,7 @@ index 1e4ab26a7..88a935f88 100644
-# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel
+# platform = Oracle Linux 8,Oracle Linux 9,multi_platform_rhel,multi_platform_almalinux
- {{{ tests_init_faillock_vars("correct") }}}
+ {{{ tests_init_faillock_vars("correct", prm_name=PRM_NAME, ext_variable=EXT_VARIABLE, variable_lower_bound=VARIABLE_LOWER_BOUND, variable_upper_bound=VARIABLE_UPPER_BOUND) }}}
diff --git a/shared/templates/service_disabled/kickstart.template b/shared/templates/service_disabled/kickstart.template
index d1e39ae29..7ecd5523e 100644
@@ -5225,7 +5937,7 @@ index 451af774a..27ac615a2 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
-index ab3f45c20..04b4f8cf8 100644
+index 3114b75fe..be92408dc 100644
--- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
+++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
@@ -1,6 +1,6 @@
@@ -5237,7 +5949,7 @@ index ab3f45c20..04b4f8cf8 100644
# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
{{%- endif %}}
diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
-index c5390ff13..9f596cf48 100644
+index b05adb222..1530e343c 100644
--- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
+++ b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
@@ -1,6 +1,6 @@
@@ -5249,7 +5961,7 @@ index c5390ff13..9f596cf48 100644
mkdir -p /etc/ssh/sshd_config.d
touch /etc/ssh/sshd_config.d/nothing
diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
-index 7d55e3d0d..f8ea20e04 100644
+index d91244f7a..047e5513a 100644
--- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -5261,7 +5973,7 @@ index 7d55e3d0d..f8ea20e04 100644
{{% if XCCDF_VARIABLE %}}
diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
-index c68680483..6c35a7465 100644
+index 15eb1d870..ab8ea90d7 100644
--- a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -5273,7 +5985,7 @@ index c68680483..6c35a7465 100644
{{% if XCCDF_VARIABLE %}}
# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
-index 983eb3fda..176f386e7 100644
+index c5f2c41e8..a76757970 100644
--- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -5285,7 +5997,7 @@ index 983eb3fda..176f386e7 100644
{{% if XCCDF_VARIABLE %}}
# variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
-index 73810f216..54434bb42 100644
+index feb74e3c4..b82bc305a 100644
--- a/shared/templates/zipl_bls_entries_option/ansible.template
+++ b/shared/templates/zipl_bls_entries_option/ansible.template
@@ -1,4 +1,4 @@
@@ -5305,7 +6017,7 @@ index e14d59dfc..1b236a130 100644
# Correct BLS option using grubby, which is a thin wrapper around BLS operations
grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
diff --git a/ssg/constants.py b/ssg/constants.py
-index a0265a9d9..ebc8165aa 100644
+index eedd39ab6..35c1260d5 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -40,7 +40,7 @@ SSG_REF_URIS = {
@@ -5317,7 +6029,7 @@ index a0265a9d9..ebc8165aa 100644
'anolis8',
'anolis23',
'al2023',
-@@ -211,7 +211,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
+@@ -210,7 +210,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
FULL_NAME_TO_PRODUCT_MAPPING = {
"Alibaba Cloud Linux 2": "alinux2",
"Alibaba Cloud Linux 3": "alinux3",
@@ -5326,20 +6038,20 @@ index a0265a9d9..ebc8165aa 100644
"Anolis OS 8": "anolis8",
"Anolis OS 23": "anolis23",
"Amazon Linux 2023": "al2023",
-@@ -302,7 +302,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+@@ -300,7 +300,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
MULTI_PLATFORM_MAPPING = {
"multi_platform_alinux": ["alinux2", "alinux3"],
- "multi_platform_almalinux": ["almalinux9"],
+ "multi_platform_almalinux": ["almalinux10"],
"multi_platform_anolis": ["anolis8", "anolis23"],
- "multi_platform_debian": ["debian11", "debian12"],
+ "multi_platform_debian": ["debian11", "debian12", "debian13"],
"multi_platform_example": ["example"],
diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml
-index 27cf93dcc..16fc52311 100644
+index edb6411e3..4d21c0495 100644
--- a/tests/data/product_stability/ol7.yml
+++ b/tests/data/product_stability/ol7.yml
-@@ -30,7 +30,7 @@ groups:
+@@ -37,7 +37,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -5347,12 +6059,12 @@ index 27cf93dcc..16fc52311 100644
+grub2_uefi_boot_path: /boot/efi/EFI/almalinux
grub_helper_executable: grubby
init_system: systemd
- major_version_ordinal: 7
+ login_defs_path: /etc/login.defs
diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml
-index 169cd1991..f694d28f5 100644
+index 609a20b12..db4046ad1 100644
--- a/tests/data/product_stability/ol8.yml
+++ b/tests/data/product_stability/ol8.yml
-@@ -30,7 +30,7 @@ groups:
+@@ -37,7 +37,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -5360,12 +6072,12 @@ index 169cd1991..f694d28f5 100644
+grub2_uefi_boot_path: /boot/efi/EFI/almalinux
grub_helper_executable: grubby
init_system: systemd
- major_version_ordinal: 8
+ login_defs_path: /etc/login.defs
diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml
-index 8f764c4d1..0cc1d40ec 100644
+index 99dfa18bc..fe9fd40ef 100644
--- a/tests/data/product_stability/rhel8.yml
+++ b/tests/data/product_stability/rhel8.yml
-@@ -81,7 +81,7 @@ groups:
+@@ -89,7 +89,7 @@ groups:
dedicated_ssh_keyowner:
name: ssh_keys
grub2_boot_path: /boot/grub2
@@ -5411,7 +6123,7 @@ index 849ab06f6..1a4927eec 100644
export superusers
diff --git a/tests/shared/grub2.sh b/tests/shared/grub2.sh
-index 42abeb78e..fb99e71f2 100644
+index 10df2e2ad..4379d49a3 100644
--- a/tests/shared/grub2.sh
+++ b/tests/shared/grub2.sh
@@ -11,10 +11,10 @@ function set_grub_uefi_root {