scap-security-guide/SOURCES/0001-Add-AlmaLinux-8-support.patch

27218 lines
1.7 MiB
Diff
Raw Normal View History

2021-09-15 11:41:44 +00:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
2024-03-04 15:52:37 +00:00
index aef21154f..a8d8360c6 100644
2021-09-15 11:41:44 +00:00
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
2024-03-04 15:52:37 +00:00
@@ -76,6 +76,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
2021-09-15 11:41:44 +00:00
# unless explicitly asked for.
2023-02-21 13:38:18 +00:00
option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
2021-09-15 11:41:44 +00:00
+option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
2023-02-21 13:38:18 +00:00
option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
2023-10-30 15:13:07 +00:00
option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
2021-09-15 11:41:44 +00:00
option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
2024-03-04 15:52:37 +00:00
@@ -302,6 +303,7 @@ message(STATUS " ")
2021-09-15 11:41:44 +00:00
message(STATUS "Products:")
2023-02-21 13:38:18 +00:00
message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}")
message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}")
2021-09-15 11:41:44 +00:00
+message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}")
2023-02-21 13:38:18 +00:00
message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}")
2023-10-30 15:13:07 +00:00
message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}")
2021-09-15 11:41:44 +00:00
message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}")
2024-03-04 15:52:37 +00:00
@@ -371,6 +373,9 @@ endif()
2023-10-30 15:13:07 +00:00
if(SSG_PRODUCT_ALINUX3)
2023-02-21 13:38:18 +00:00
add_subdirectory("products/alinux3" "alinux3")
endif()
2023-10-30 15:13:07 +00:00
+if(SSG_PRODUCT_ALMALINUX8)
2021-11-17 13:33:00 +00:00
+ add_subdirectory("products/almalinux8" "almalinux8")
2021-09-15 11:41:44 +00:00
+endif()
2023-10-30 15:13:07 +00:00
if(SSG_PRODUCT_ANOLIS8)
2023-02-21 13:38:18 +00:00
add_subdirectory("products/anolis8" "anolis8")
endif()
2021-09-15 11:41:44 +00:00
diff --git a/build_product b/build_product
2024-03-04 15:52:37 +00:00
index 34c74f12a..19f91ffff 100755
2021-09-15 11:41:44 +00:00
--- a/build_product
+++ b/build_product
2024-03-04 15:52:37 +00:00
@@ -321,6 +321,7 @@ set_explict_build_targets() {
2021-09-15 11:41:44 +00:00
all_cmake_products=(
2023-02-21 13:38:18 +00:00
ALINUX2
ALINUX3
+ ALMALINUX8
ANOLIS8
2023-10-30 15:13:07 +00:00
ANOLIS23
2021-09-15 11:41:44 +00:00
CHROMIUM
2022-06-29 08:41:07 +00:00
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
2024-03-04 15:52:37 +00:00
index ea0f67644..d511ffe95 100644
2022-06-29 08:41:07 +00:00
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
2024-03-04 15:52:37 +00:00
@@ -837,7 +837,7 @@ macro(ssg_build_product PRODUCT)
ssg_render_policies_for_product(${PRODUCT})
add_dependencies(render-policies ${PRODUCT}-render-policies)
2022-06-29 08:41:07 +00:00
2023-10-30 15:13:07 +00:00
- if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel(7|8)")
+ if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "almalinux8")
2022-06-29 08:41:07 +00:00
ssg_build_disa_delta(${PRODUCT} "stig")
add_dependencies(${PRODUCT} generate-ssg-delta-${PRODUCT}-stig)
endif()
2023-10-30 15:13:07 +00:00
diff --git a/components/rpm.yml b/components/rpm.yml
index 2b00bd908..4fc431b04 100644
--- a/components/rpm.yml
+++ b/components/rpm.yml
@@ -9,6 +9,7 @@ rules:
- dnf-automatic_apply_updates
- dnf-automatic_security_updates_only
- ensure_GPG_keys_are_configured
+- ensure_almalinux_gpgkey_installed
- ensure_fedora_gpgkey_installed
- ensure_gpgcheck_globally_activated
- ensure_gpgcheck_local_packages
2021-09-15 11:41:44 +00:00
diff --git a/controls/anssi.yml b/controls/anssi.yml
2024-03-04 15:52:37 +00:00
index 665fd4073..884901fb0 100644
2021-09-15 11:41:44 +00:00
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
2024-03-04 15:52:37 +00:00
@@ -1157,7 +1157,7 @@ controls:
2021-09-15 11:41:44 +00:00
- ensure_gpgcheck_never_disabled
- ensure_gpgcheck_globally_activated
- ensure_gpgcheck_local_packages
2021-11-17 13:33:00 +00:00
- - ensure_redhat_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
- ensure_oracle_gpgkey_installed
2023-10-30 15:13:07 +00:00
- id: R60
2021-11-17 13:33:00 +00:00
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
2024-03-04 15:52:37 +00:00
index d81729d59..fd31d9a54 100644
2021-11-17 13:33:00 +00:00
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
2024-03-04 15:52:37 +00:00
@@ -351,7 +351,7 @@ controls:
2023-02-21 13:38:18 +00:00
- l1_workstation
status: manual
related_rules:
- - ensure_redhat_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
2024-03-04 15:52:37 +00:00
- id: 1.2.2
2023-02-21 13:38:18 +00:00
title: Ensure gpgcheck is globally activated (Automated)
diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
2024-03-04 15:52:37 +00:00
index d3d2fe87d..53fd01e15 100644
2023-02-21 13:38:18 +00:00
--- a/controls/cis_rhel9.yml
+++ b/controls/cis_rhel9.yml
2023-10-30 15:13:07 +00:00
@@ -306,7 +306,7 @@ controls:
2021-11-17 13:33:00 +00:00
- l1_workstation
2022-06-29 08:41:07 +00:00
status: manual
2021-11-17 13:33:00 +00:00
related_rules:
- - ensure_redhat_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
2023-02-21 13:38:18 +00:00
- id: 1.2.2
2021-11-17 13:33:00 +00:00
title: Ensure gpgcheck is globally activated (Automated)
2024-03-04 15:52:37 +00:00
diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml
index 0936fe934..0e557fdcd 100644
--- a/controls/pcidss_4.yml
+++ b/controls/pcidss_4.yml
@@ -1547,7 +1547,7 @@ controls:
- base
status: automated
rules:
- - ensure_redhat_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
- ensure_suse_gpgkey_installed
- ensure_gpgcheck_globally_activated
- ensure_gpgcheck_never_disabled
2023-02-21 13:38:18 +00:00
diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
2023-10-30 15:13:07 +00:00
index 6d494547b..71d2df788 100644
2023-02-21 13:38:18 +00:00
--- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
+++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml
2023-10-30 15:13:07 +00:00
@@ -12,9 +12,7 @@ controls:
- ensure_gpgcheck_globally_activated
2023-02-21 13:38:18 +00:00
- ensure_gpgcheck_local_packages
- ensure_gpgcheck_never_disabled
2023-10-30 15:13:07 +00:00
- {{% if 'rhel' in product %}}
2023-02-21 13:38:18 +00:00
- - ensure_redhat_gpgkey_installed
2023-10-30 15:13:07 +00:00
- {{% endif %}}
2023-02-21 13:38:18 +00:00
+ - ensure_almalinux_gpgkey_installed
2023-10-30 15:13:07 +00:00
- ensure_oracle_gpgkey_installed
2023-02-21 13:38:18 +00:00
status: automated
2024-03-04 15:52:37 +00:00
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
index 5449c8296..0975a82e4 100644
--- a/controls/stig_rhel9.yml
+++ b/controls/stig_rhel9.yml
@@ -384,7 +384,7 @@ controls:
- medium
title: RHEL 9 must ensure cryptographic verification of vendor software packages.
rules:
- - ensure_redhat_gpgkey_installed
+ - ensure_almalinux_gpgkey_installed
status: automated
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- id: RHEL-09-214015
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml
2024-03-04 15:52:37 +00:00
index e04cfe6ff..27ad8a3f0 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/services/base/package_abrt_removed/rule.yml
+++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -27,7 +27,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
2021-09-15 11:41:44 +00:00
srg: SRG-OS-000095-GPOS-00049
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040001
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt") }}}
diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
2023-02-21 13:38:18 +00:00
index 1f6a233ed..9f3a4d6b4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
+++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
kdump --disable
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
2024-03-04 15:52:37 +00:00
index 45a7019bf..764d594c3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
2024-03-04 15:52:37 +00:00
@@ -40,7 +40,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021300
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010670
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021300
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010670
+ stigid@almalinux8: RHEL-08-010670
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-213115
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010840
stigid@sle15: SLES-15-040190
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
index 67fc86c42..a397633e8 100644
--- a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
+++ b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
@@ -25,7 +25,7 @@ references:
nist: CM-7 (2),CM-7 (5) (b),CM-6 b
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00232
stigid@ol8: OL08-00-040137
- stigid@rhel8: RHEL-08-040137
+ stigid@almalinux8: RHEL-08-040137
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'fapolicyd is not running in enforcement mode with a deny-all, permit-by-exception policy'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -40,7 +40,7 @@ ocil: |-
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
Check that fapolicyd employs a deny-all policy on system mounts with the following commands:
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{%- if product in ["ol8", "rhel8"] %}}
+ {{%- if product in ["ol8", "rhel8", "almalinux8"] %}}
{{% set product_short_name = "OL" if "ol" in product else "RHEL" %}}
For {{{ product_short_name }}} 8.5 systems and older:
$ sudo tail /etc/fapolicyd/fapolicyd.rules
@@ -60,7 +60,7 @@ fixtext: |-
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
permissive = 1
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{%- if product in ["ol8", "rhel8"] %}}
+ {{%- if product in ["ol8", "rhel8", "almalinux8"] %}}
For {{{ product_short_name }}} 8.5 systems and older:
Build the whitelist in the "/etc/fapolicyd/fapolicyd.rules" file ensuring the last rule is "deny perm=any all : all".
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
index 52fc6fe69..03fb0c022 100644
--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
@@ -22,7 +22,7 @@ references:
nist: CM-6(a),SI-4(22)
srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
stigid@ol8: OL08-00-040135
- stigid@rhel8: RHEL-08-040135
+ stigid@almalinux8: RHEL-08-040135
stigid@rhel9: RHEL-09-433010
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the fapolicyd package is not installed'
diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
index d7dd2954b..f7c17fee5 100644
--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
stigid@ol8: OL08-00-040136
- stigid@rhel8: RHEL-08-040136
+ stigid@almalinux8: RHEL-08-040136
stigid@rhel9: RHEL-09-433015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the service is not enabled'
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
index 915ca1269..a27c61b9c 100644
--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-040690
stigid@ol8: OL08-00-040360
stigid@rhel7: RHEL-07-040690
- stigid@rhel8: RHEL-08-040360
+ stigid@almalinux8: RHEL-08-040360
stigid@rhel9: RHEL-09-215015
stigid@sle12: SLES-12-030011
stigid@sle15: SLES-15-010030
diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
index 13751ebbd..49e09ac22 100644
--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FTP_ITC_EXT.1
srg: SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010161
- stigid@rhel8: RHEL-08-010161
+ stigid@almalinux8: RHEL-08-010161
stigid@rhel9: RHEL-09-611205
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platforms:
diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
index 36dc8de85..e64652a1b 100644
--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
+++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
@@ -29,7 +29,7 @@ references:
nist: IA-7,IA-7.1
srg: SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010163
- stigid@rhel8: RHEL-08-010163
+ stigid@almalinux8: RHEL-08-010163
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platforms:
- krb5_server_older_than_1_17-18
diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
index 646e63f4b..cb346ebf4 100644
--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
+++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Use LDAP for authentication
diff --git a/linux_os/guide/services/mail/package_mailx_installed/rule.yml b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
index ebbfcfc12..2ed44e12a 100644
--- a/linux_os/guide/services/mail/package_mailx_installed/rule.yml
+++ b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
@@ -26,7 +26,7 @@ references:
stigid@ol7: OL07-00-020028
stigid@ol8: OL08-00-010358
stigid@rhel7: RHEL-07-020028
- stigid@rhel8: RHEL-08-010358
+ stigid@almalinux8: RHEL-08-010358
stigid@sle12: SLES-12-010498
stigid@sle15: SLES-15-010418
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/mail/package_postfix_installed/rule.yml b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
index a2b8325d2..1b7a24e1f 100644
--- a/linux_os/guide/services/mail/package_postfix_installed/rule.yml
+++ b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
@@ -18,7 +18,7 @@ identifiers:
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
references:
srg: SRG-OS-000046-GPOS-00022
- stigid@rhel8: RHEL-08-030030
+ stigid@almalinux8: RHEL-08-030030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the package is not installed'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
index 77344dee5..39201604d 100644
--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
@@ -34,7 +34,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040002
- stigid@rhel8: RHEL-08-040002
+ stigid@almalinux8: RHEL-08-040002
stigid@rhel9: RHEL-09-215020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_package(package="sendmail") }}}
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
index 3a86771d6..bacfaa7d0 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
index 743d47775..54354e10c 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
index d81aa3e41..f027ffa73 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
@@ -29,7 +29,7 @@ references:
nist: AU-5(a),AU-5.1(ii)
srg: SRG-OS-000046-GPOS-00022
stigid@ol8: OL08-00-030030
- stigid@rhel8: RHEL-08-030030
+ stigid@almalinux8: RHEL-08-030030
stigid@rhel9: RHEL-09-252060
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the alias is not set or is not root'
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
index c5e7ae18c..1ab2a0a40 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
index befe1acf3..e36b1fd3e 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
index 4f38c42c8..b76e0f884 100644
--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
@@ -26,7 +26,7 @@ references:
stigid@ol7: OL07-00-040680
stigid@ol8: OL08-00-040290
stigid@rhel7: RHEL-07-040680
- stigid@rhel8: RHEL-08-040290
+ stigid@almalinux8: RHEL-08-040290
stigid@rhel9: RHEL-09-252050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject"'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
index 0b3c6a1a1..0891eef6f 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
@@ -27,7 +27,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010640
- stigid@rhel8: RHEL-08-010640
+ stigid@almalinux8: RHEL-08-010640
stigid@rhel9: RHEL-09-231065
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the setting does not show'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
index c8da85560..c93e7f926 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
@@ -33,7 +33,7 @@ references:
stigid@ol7: OL07-00-021021
stigid@ol8: OL08-00-010630
stigid@rhel7: RHEL-07-021021
- stigid@rhel8: RHEL-08-010630
+ stigid@almalinux8: RHEL-08-010630
stigid@rhel9: RHEL-09-231070
stigid@sle12: SLES-12-010820
stigid@sle15: SLES-15-040170
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
index 96ef1d137..b82157d88 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
@@ -31,7 +31,7 @@ references:
stigid@ol7: OL07-00-021020
stigid@ol8: OL08-00-010650
stigid@rhel7: RHEL-07-021020
- stigid@rhel8: RHEL-08-010650
+ stigid@almalinux8: RHEL-08-010650
stigid@rhel9: RHEL-09-231075
stigid@sle12: SLES-12-010810
stigid@sle15: SLES-15-040160
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
index 524cdc7d0..2678708d2 100644
--- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
+++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append(chrony_conf_path, '^port', '0', '%s %s') }}}
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
index c435df983..b80ffbf7b 100644
--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
index 87f4bbadd..2da6b80af 100644
--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-030741
- stigid@rhel8: RHEL-08-030741
+ stigid@almalinux8: RHEL-08-030741
stigid@rhel9: RHEL-09-252025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "port" option is not set to "0", is commented out, or is missing'
diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
index 25b768688..a1e46bc12 100644
--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append(chrony_conf_path, '^cmdport', '0', '%s %s') }}}
diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
index c435df983..b80ffbf7b 100644
--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
index 7384d0e0e..108ab2c7f 100644
--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
@@ -27,7 +27,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-030742
- stigid@rhel8: RHEL-08-030742
+ stigid@almalinux8: RHEL-08-030742
stigid@rhel9: RHEL-09-252030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "cmdport" option is not set to "0", is commented out, or is missing'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
index c435df983..b80ffbf7b 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
index 03acce756..51cdc3fbe 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
@@ -94,7 +94,7 @@ references:
stigid@ol7: OL07-00-040500
stigid@ol8: OL08-00-030740
stigid@rhel7: RHEL-07-040500
- stigid@rhel8: RHEL-08-030740
+ stigid@almalinux8: RHEL-08-030740
stigid@rhel9: RHEL-09-252020
stigid@sle12: SLES-12-030300
stigid@sle15: SLES-15-010400
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
index 6b76902a1..3925ca7b9 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_multiple_time_servers") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
index c435df983..b80ffbf7b 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
index 6bf4f9aae..fea88a083 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_multiple_time_servers") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
index c435df983..b80ffbf7b 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
index 63880e804..076146db2 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
@@ -1,11 +1,11 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# reboot = false
# strategy = configure
# complexity = low
# disruption = low
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{%- set ok_by_default = false %}}
-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}}
+{{%- if product in ["rhel7", "ol7", "rhel8", "almalinux8", "ol8", "rhel9", "ol9", "fedora"] %}}
{{%- set ok_by_default = true %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
index 462528038..0bada7168 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
# platform = multi_platform_all
{{%- set ok_by_default = false %}}
-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}}
+{{%- if product in ["rhel7", "ol7", "rhel8", "almalinux8", "ol8", "rhel9", "ol9", "fedora"] %}}
{{%- set ok_by_default = true %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml
index e1d712f25..325ed08c1 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml
@@ -1,5 +1,5 @@
{{%- set ok_by_default = false %}}
-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}}
+{{%- if product in ["rhel7", "ol7", "rhel8", "almalinux8", "ol8", "rhel9", "ol9", "fedora"] %}}
{{%- set ok_by_default = true %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index f6c62f1e6..e1127ab4c 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -4,7 +4,7 @@ documentation_complete: true
title: 'Ensure that chronyd is running under chrony user account'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{%- set ok_by_default = false %}}
-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}}
+{{%- if product in ["rhel7", "ol7", "rhel8", "almalinux8", "ol8", "rhel9", "ol9", "fedora"] %}}
{{%- set ok_by_default = true %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
index 2e3d4e406..a348b99df 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
index b75e59c2e..6c3415c34 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
index edd19015f..11fcd1bce 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
index 83120046d..12b9d1a42 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
index 0b8c54cfb..7a44d477b 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
index 69908e41f..0c506bca3 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# packages = chrony
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
index 556495bcc..5eb0649f8 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
@@ -23,7 +23,7 @@ references:
disa: CCI-001891
srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146
stigid@ol8: OL08-00-030740
- stigid@rhel8: RHEL-08-030740
+ stigid@almalinux8: RHEL-08-030740
stigid@rhel9: RHEL-09-252020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'an authoritative remote time server is not configured or configured with pool directive'
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
index b2427c1d5..2d62ca68b 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
index 16c634e0a..e0e0b136a 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
index 56b414e2e..c28bc2f7f 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "some line" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
index 01a21e0b0..3b8082c73 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "^pool.*" {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
index 6f45a555f..5d03e6e21 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "^server.*" {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
index ec9e58c75..1a31ccf74 100644
--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "^pool.*" {{{ chrony_conf_path }}}
echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
index d74bde623..8f83241cd 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
index 56cee5abd..a8d771d62 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "pool 0.pool.ntp.org" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
index 50e0715cc..e75a1ec07 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "" > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
index d89bdb1e5..a56b2e0dc 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
index ce121222a..3c7d36f8b 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo "some line" > {{{ chrony_conf_path }}}
echo "another line" >> {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
index 917d2e610..eccff3389 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
2022-06-29 08:41:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
echo "server 1.pool.ntp.org" >> {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
index 5f0ad2c6e..7c6175efb 100644
--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
+++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = chrony
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
echo "server " > {{{ chrony_conf_path }}}
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
index 739ab24b8..fadb459bf 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = enable
# complexity = low
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
index f8a77aeee..33166cac2 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = enable
# complexity = low
diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
index ec023c163..6a9998c70 100644
--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
@@ -29,7 +29,7 @@ references:
stigid@ol7: OL07-00-040550
stigid@ol8: OL08-00-010460
stigid@rhel7: RHEL-07-040550
- stigid@rhel8: RHEL-08-010460
+ stigid@almalinux8: RHEL-08-010460
stigid@rhel9: RHEL-09-252070
stigid@sle12: SLES-12-010410
stigid@sle15: SLES-15-040030
diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
index 9c6fc297c..7db8e8320 100644
--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
index e64838b15..baaa07631 100644
--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
find /root -xdev -type f -name ".rhosts" -exec rm -f {} \;
find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \;
diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
index 15af7c169..a1997bbae 100644
--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-040540
stigid@ol8: OL08-00-010470
stigid@rhel7: RHEL-07-040540
- stigid@rhel8: RHEL-08-010470
+ stigid@almalinux8: RHEL-08-010470
stigid@rhel9: RHEL-09-252075
stigid@sle12: SLES-12-010400
stigid@sle15: SLES-15-040020
diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
index 9d2888a1b..46baea6a4 100644
--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-020000
stigid@ol8: OL08-00-040010
stigid@rhel7: RHEL-07-020000
- stigid@rhel8: RHEL-08-040010
+ stigid@almalinux8: RHEL-08-040010
stigid@rhel9: RHEL-09-215035
stigid@ubuntu2004: UBTU-20-010406
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -50,7 +50,7 @@ template:
vars:
pkgname: rsh-server
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["rhel8", "rhel9"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
warnings:
- general:
The package is not available in {{{ full_name }}}.
diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
index fa615a76d..b1687e9d9 100644
--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
@@ -58,7 +58,7 @@ template:
pkgname@ubuntu2004: rsh-client
pkgname@ubuntu2204: rsh-client
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["rhel8", "rhel9"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
warnings:
- general:
The package is not available in {{{ full_name }}}.
diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
index 2b6b3a9c9..11f9b5a34 100644
--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
@@ -32,7 +32,7 @@ template:
vars:
pkgname: talk-server
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["rhel8", "rhel9"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
warnings:
- general:
The package is not available in {{{ full_name }}}.
diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
index fd15f0f82..f79aedf92 100644
--- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
@@ -40,7 +40,7 @@ template:
vars:
pkgname: talk
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["rhel8", "rhel9"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
warnings:
- general:
The package is not available in {{{ full_name }}}.
diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
index 9a4aae595..0f5b2853c 100644
--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-021710
stigid@ol8: OL08-00-040000
stigid@rhel7: RHEL-07-021710
- stigid@rhel8: RHEL-08-040000
+ stigid@almalinux8: RHEL-08-040000
stigid@rhel9: RHEL-09-215040
stigid@sle12: SLES-12-030000
stigid@sle15: SLES-15-010180
diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
index 10bea8cdb..48157c113 100644
--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
@@ -42,7 +42,7 @@ references:
stigid@ol7: OL07-00-040700
stigid@ol8: OL08-00-040190
stigid@rhel7: RHEL-07-040700
- stigid@rhel8: RHEL-08-040190
+ stigid@almalinux8: RHEL-08-040190
stigid@rhel9: RHEL-09-215060
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_package(package="tftp-server") }}}
diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
index 10ca18526..f1d31a4f2 100644
--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
@@ -6,7 +6,7 @@ title: 'Ensure tftp Daemon Uses Secure Mode'
description: |-
If running the Trivial File Transfer Protocol (TFTP) service is necessary,
it should be configured to change its root directory at startup. To do so,
- {{%- if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
+ {{%- if product in ["rhel7","ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
ensure <tt>/etc/xinetd.d/tftp</tt> includes <tt>-s</tt> as a command line argument,
as shown in the following example:
<pre>server_args = -s {{{ xccdf_value("var_tftpd_secure_directory") }}}</pre>
@@ -46,11 +46,11 @@ references:
stigid@ol7: OL07-00-040720
stigid@ol8: OL08-00-040350
stigid@rhel7: RHEL-07-040720
- stigid@rhel8: RHEL-08-040350
+ stigid@almalinux8: RHEL-08-040350
stigid@rhel9: RHEL-09-252055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
-{{%- if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
+{{%- if product in ["rhel7","ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
'"server_args" line does not have a "-s" option, and a subdirectory is not assigned'
{{%- else %}}
'the "ExecStart" line does not have a "-s" option, and a subdirectory is not assigned'
@@ -60,7 +60,7 @@ ocil: |-
Verify the TFTP daemon is configured to operate in secure mode.
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
Check if a TFTP server is installed with the following command:
- {{% if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
+ {{% if product in ["rhel7","ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
<pre>$ rpm -qa | grep tftp</pre>
{{% else %}}
<pre>$ sudo dnf list --installed tftp-server
@@ -70,7 +70,7 @@ ocil: |-
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
If a TFTP server is not installed, this is Not Applicable.
<br /><br />
- {{% if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
+ {{% if product in ["rhel7","ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
If a TFTP server is installed, verify TFTP is configured by with
the <tt>-s</tt> option by running the following command:
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -84,7 +84,7 @@ ocil: |-
{{% endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
fixtext: |-
- {{%- if product in ["rhel7","ol7","rhel8","ol8","rhv4"] %}}
+ {{%- if product in ["rhel7","ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
server_args = -s {{{ xccdf_value("var_tftpd_secure_directory") }}}
diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
index 2764446e3..fb9670d0b 100644
--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
@@ -23,7 +23,7 @@ references:
ospp: FCS_RBG_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010473
- stigid@rhel8: RHEL-08-010471
+ stigid@almalinux8: RHEL-08-010471
stigid@rhel9: RHEL-09-211035
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
{{% if product == "ol8" %}}
diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
index a66068605..f25b95045 100644
--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
index 9e1f01f53..d7d4c2651 100644
--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
######################################################################
#By Luke "Brisk-OH" Brisk
#luke.brisk@boeing.com or luke.brisk@gmail.com
diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
index 084c89343..c38f2b927 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then
sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf
diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
index 3b8653a60..5de223af4 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
index ce70b2c19..6e484b30e 100644
--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
index cd5171c1b..6301578ba 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if ! grep -q ssh_keys /etc/group; then
groupadd ssh_keys
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
index 840370623..c64f052be 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_group="cac_testgroup"
groupadd $test_group
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
index 4964fe4a1..f5fd88dd3 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_group="cac_testgroup"
groupadd $test_group
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
index 8028e0466..36ebda0b3 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub)
chgrp root "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
index 56c713f3d..505f3adfb 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_group="cac_testgroup"
groupadd $test_group
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
index 7cffa2c97..9c0f3a28b 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f /etc/ssh/*.pub
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
index b6bef987d..799d5044b 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_group="cac_testgroup"
groupadd $test_group
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
index b36e8a3d7..494455df2 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
chown root "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
index 30da398eb..4ee3a3c1f 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_user="cac_testuser"
useradd $test_user
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
index 59f414be3..484da1eec 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_user="cac_testuser"
useradd $test_user
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
index adc985a1a..489f65995 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub)
chown root "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
index 4fa528fe3..bbc3c6147 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_user="cac_testuser"
useradd $test_user
diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
index 16878dc1d..6c3983a9d 100644
--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
+++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
test_user="cac_testuser"
useradd $test_user
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
index 6fc7992a1..28f5c07c7 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-040420
stigid@ol8: OL08-00-010490
stigid@rhel7: RHEL-07-040420
- stigid@rhel8: RHEL-08-010490
+ stigid@almalinux8: RHEL-08-010490
stigid@rhel9: RHEL-09-255120
stigid@sle12: SLES-12-030220
stigid@sle15: SLES-15-040250
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
index 28325e1f7..d19148a0b 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
chown root:ssh_keys "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
index 63e2d8642..8a5a658b5 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
chown root:ssh_keys "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
index 48ecfbcac..c5a05db8b 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
chown root:ssh_keys "$FAKE_KEY"
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
index 9aaf68cb9..afc49df93 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-040410
stigid@ol8: OL08-00-010480
stigid@rhel7: RHEL-07-040410
- stigid@rhel8: RHEL-08-010480
+ stigid@almalinux8: RHEL-08-010480
stigid@rhel9: RHEL-09-255125
stigid@sle12: SLES-12-030210
stigid@sle15: SLES-15-040240
diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
index 2a665e70e..067893a82 100644
--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
+++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
@@ -31,7 +31,7 @@ references:
stigid@ol7: OL07-00-040300
stigid@ol8: OL08-00-040159
stigid@rhel7: RHEL-07-040300
- stigid@rhel8: RHEL-08-040159
+ stigid@almalinux8: RHEL-08-040159
stigid@rhel9: RHEL-09-255010
stigid@ubuntu2004: UBTU-20-010042
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
index ba53a8c3d..dba3ca619 100644
--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-040310
stigid@ol8: OL08-00-040160
stigid@rhel7: RHEL-07-040310
- stigid@rhel8: RHEL-08-040160
+ stigid@almalinux8: RHEL-08-040160
stigid@rhel9: RHEL-09-255015
stigid@sle12: SLES-12-030100
stigid@sle15: SLES-15-010530
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
index 1c878701e..be1bff4cf 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
index 3df859f35..e2ab18861 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# put line into the file
echo "setenv SSH_USE_STRONG_RNG 32" > /etc/profile.d/cc-ssh-strong-rng.csh
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
index 29c646020..1be957f95 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
index 13306db45..7a5ca21fc 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# put line into the file
echo "export SSH_USE_STRONG_RNG=32" > /etc/profile.d/cc-ssh-strong-rng.sh
diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
index e886b61d9..599e965d0 100644
--- a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
@@ -23,7 +23,7 @@ identifiers:
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
references:
srg: SRG-OS-000067-GPOS-00035
- stigid@rhel8: RHEL-08-010100
+ stigid@almalinux8: RHEL-08-010100
stigid@rhel9: RHEL-09-611190
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'no ssh private key is accessible without a passcode'
diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
index 5a97f74df..104b27f3f 100644
--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml
index 39102e5d7..2dcfeeb0f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh
index ba5987621..d972650ea 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append('/etc/ssh/sshd_config', '^Protocol', '2', '%s %s') }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml
index f8d422c6c..aafcd046f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh
index c7212d5b8..dc1e8c4b9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_sshd_disable_compression") }}}
{{{ bash_sshd_remediation("Compression", "$var_sshd_disable_compression") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
index 40960565c..06d3b974e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-010300
stigid@ol8: OL08-00-020330
stigid@rhel7: RHEL-07-010300
- stigid@rhel8: RHEL-08-020330
+ stigid@almalinux8: RHEL-08-020330
stigid@rhel9: RHEL-09-255040
stigid@sle12: SLES-12-030150
stigid@sle15: SLES-15-040440
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
index c45531648..522df4731 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-040430
stigid@ol8: OL08-00-010522
stigid@rhel7: RHEL-07-040430
- stigid@rhel8: RHEL-08-010522
+ stigid@almalinux8: RHEL-08-010522
stigid@rhel9: RHEL-09-255135
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
index 969e5a708..dc91af19a 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-040440
stigid@ol8: OL08-00-010521
stigid@rhel7: RHEL-07-040440
- stigid@rhel8: RHEL-08-010521
+ stigid@almalinux8: RHEL-08-010521
stigid@rhel9: RHEL-09-255140
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml
index 228a1166a..6ba91af43 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh
index 5a1ec5cf7..d240b4711 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
index 479d26bc6..c04978f0f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-040370
stigid@ol8: OL08-00-010550
stigid@rhel7: RHEL-07-040370
- stigid@rhel8: RHEL-08-010550
+ stigid@almalinux8: RHEL-08-010550
stigid@rhel9: RHEL-09-255045
stigid@sle12: SLES-12-030140
stigid@sle15: SLES-15-020040
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
index 780b846b0..37e5ea9ae 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-040380
stigid@ol8: OL08-00-010520
stigid@rhel7: RHEL-07-040380
- stigid@rhel8: RHEL-08-010520
+ stigid@almalinux8: RHEL-08-010520
stigid@rhel9: RHEL-09-255150
stigid@sle12: SLES-12-030200
stigid@sle15: SLES-15-040230
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
index 6018d7002..1555669cf 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-040710
stigid@ol8: OL08-00-040340
stigid@rhel7: RHEL-07-040710
- stigid@rhel8: RHEL-08-040340
+ stigid@almalinux8: RHEL-08-040340
stigid@rhel9: RHEL-09-255155
stigid@sle15: SLES-15-040290
stigid@ubuntu2004: UBTU-20-010048
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
index 4e168c61e..3492caa81 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -51,7 +51,7 @@ references:
stigid@ol7: OL07-00-010460
stigid@ol8: OL08-00-010830
stigid@rhel7: RHEL-07-010460
- stigid@rhel8: RHEL-08-010830
+ stigid@almalinux8: RHEL-08-010830
stigid@rhel9: RHEL-09-255085
stigid@sle12: SLES-12-030151
stigid@sle15: SLES-15-040440
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
index 65cf32d3c..c48920cdd 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-040450
stigid@ol8: OL08-00-010500
stigid@rhel7: RHEL-07-040450
- stigid@rhel8: RHEL-08-010500
+ stigid@almalinux8: RHEL-08-010500
stigid@rhel9: RHEL-09-255160
stigid@sle12: SLES-12-030230
stigid@sle15: SLES-15-040260
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
index 87aaf6326..e1f67cd59 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-040170
stigid@ol8: OL08-00-010040
stigid@rhel7: RHEL-07-040170
- stigid@rhel8: RHEL-08-010040
+ stigid@almalinux8: RHEL-08-010040
stigid@rhel9: RHEL-09-255025
stigid@sle12: SLES-12-030050
stigid@sle15: SLES-15-010040
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
index 59b6850a0..6c6e70e01 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-040360
stigid@ol8: OL08-00-020350
stigid@rhel7: RHEL-07-040360
- stigid@rhel8: RHEL-08-020350
+ stigid@almalinux8: RHEL-08-020350
stigid@rhel9: RHEL-09-255165
stigid@sle12: SLES-12-030130
stigid@sle15: SLES-15-020120
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
index 8cb93257c..570980352 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
@@ -27,7 +27,7 @@ references:
ospp: FCS_SSH_EXT.1.8
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014
stigid@ol8: OL08-00-040161
- stigid@rhel8: RHEL-08-040161
+ stigid@almalinux8: RHEL-08-040161
stigid@rhel9: RHEL-09-255090
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'it is commented out or is not set'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
index a31a14f8a..08ad17d7b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_ospp
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
mkdir -p /etc/ssh/sshd_config.d
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
index 5b54ab892..4213bc152 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
index 80a054ce6..3f8a863ce 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
@@ -64,7 +64,7 @@ references:
stigid@ol7: OL07-00-040320
stigid@ol8: OL08-00-010201
stigid@rhel7: RHEL-07-040320
- stigid@rhel8: RHEL-08-010201
+ stigid@almalinux8: RHEL-08-010201
stigid@rhel9: RHEL-09-255100
stigid@sle12: SLES-12-030190
stigid@sle15: SLES-15-010280
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
index be6b3672f..869beb409 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
index e777ce8fe..588ca64d7 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_sshd_set_keepalive") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
index cc6387f6a..2f7cfa3ce 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
@@ -56,7 +56,7 @@ references:
pcidss: Req-8.1.8
pcidss4: "8.2.8"
srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109
- stigid@rhel8: RHEL-08-010200
+ stigid@almalinux8: RHEL-08-010200
stigid@rhel9: RHEL-09-255095
stigid@sle12: SLES-12-030191
stigid@sle15: SLES-15-010320
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
index a7a2ed3d6..f4ba85ff9 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
index 2920273f9..32fba975e 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("sshd_max_auth_tries_value") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
index 4cc6d6598..5e911b469 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
# profiles = xccdf_org.ssgproject.content_profile_cis
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
#!/bin/bash
SSHD_CONFIG="/etc/ssh/sshd_config"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
index fcdb800c2..77c3e82da 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel, multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux, multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
#!/bin/bash
SSHD_CONFIG="/etc/ssh/sshd_config"
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
index 4173ce47f..07b35af4d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040712
stigid@ol8: OL08-00-040342
stigid@rhel7: RHEL-07-040712
- stigid@rhel8: RHEL-08-040342
+ stigid@almalinux8: RHEL-08-040342
stigid@sle12: SLES-12-030270
stigid@sle15: SLES-15-040450
stigid@ubuntu2004: UBTU-20-010045
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
index 4319832c0..313cc1c9d 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
index 64199ace8..438c06875 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
index dfe21de81..9ec1188e8 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
index 63774b1e3..780664422 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
index 3fd2901a9..2e3d34fef 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
index a9ddcf7c1..e696c5c82 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
index 682758a9d..7f2f9144a 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
index 4cac68a12..e329787c3 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
index edb2553d2..2bfd42c86 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com", '%s %s') }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
index b903a7a08..cd6f95db4 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}}
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
index ba493f99f..dad0a61e3 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config
echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
index 27a2e37ac..3e678dccb 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
index ca08e633a..f90fa48d6 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config
echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
index 5a98fc0eb..846cdd444 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
index d23f8b669..3f06a2fa3 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
@@ -29,7 +29,7 @@ references:
ospp: FCS_RBG_EXT.1.2
srg: SRG-OS-000480-GPOS-00232,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010292
- stigid@rhel8: RHEL-08-010292
+ stigid@almalinux8: RHEL-08-010292
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
ocil: |-
To determine whether the SSH service is configured to use strong entropy seed,
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
index c3694805c..cfc34fb14 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-040711
stigid@ol8: OL08-00-040341
stigid@rhel7: RHEL-07-040711
- stigid@rhel8: RHEL-08-040341
+ stigid@almalinux8: RHEL-08-040341
stigid@rhel9: RHEL-09-255175
stigid@sle12: SLES-12-030261
stigid@ubuntu2004: UBTU-20-010049
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
index 202fc7f44..711cc57c6 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
index 68a6a1291..740c94e10 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_sssd_ldap_tls_ca_dir") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
index 891b3e2f9..6cb0bce26 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
index 5c83263bc..91e28ba16 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_sssd_ldap_config(parameter="ldap_tls_reqcert", value="demand") }}}
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
index b38bc41fe..33c5c9034 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
index 564e32815..02bed6db8 100644
--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_sssd_ldap_config(parameter="ldap_id_use_start_tls", value="true") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
index c93d7a59d..a6dff6f85 100644
--- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
index ea3c0946c..08e66dade 100644
--- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
index df4e19807..b5948e9d6 100644
--- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
@@ -24,7 +24,7 @@ references:
nist: IA-2(11)
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000377-GPOS-00162
stigid@ol8: OL08-00-010400
- stigid@rhel8: RHEL-08-010400
+ stigid@almalinux8: RHEL-08-010400
stigid@rhel9: RHEL-09-611170
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'certificate_verification in sssd is not configured'
diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
index 6791df75f..2aae5273f 100644
--- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
@@ -30,7 +30,7 @@ references:
nist: IA-5 (2) (c)
srg: SRG-OS-000068-GPOS-00036
stigid@ol8: OL08-00-020090
- stigid@rhel8: RHEL-08-020090
+ stigid@almalinux8: RHEL-08-020090
stigid@rhel9: RHEL-09-631015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
warnings:
diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
index 09e863e4a..ba1f546e9 100644
--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
index f82c9e386..e57bdf163 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
@@ -34,7 +34,7 @@
create: yes
mode: 0600
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
- name: '{{{ rule_title }}} - Check if system relies on authselect'
ansible.builtin.stat:
path: /usr/bin/authselect
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
index 4e2e00554..619d3f684 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
@@ -13,7 +13,7 @@ umask u=rw,go=
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
umask $OLD_UMASK
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
if [ -f /usr/bin/authselect ]; then
{{{ bash_enable_authselect_feature('with-smartcard') | indent(4) }}}
else
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
index c2ae4d39a..010ff0410 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
@@ -5,7 +5,7 @@
<criteria operator="AND">
<criterion comment="Check pam_cert_auth in /etc/sssd/sssd.conf"
test_ref="test_sssd_enable_smartcards"/>
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<criterion comment="Check allow_missing_name in /etc/pam.d/smartcard-auth"
test_ref="test_sssd_enable_smartcards_allow_missing_name_smartcard_auth"/>
<criterion comment="Check try_cert_auth or require_cert_auth in /etc/pam.d/system-auth"
@@ -25,7 +25,7 @@
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<ind:textfilecontent54_test check="all" check_existence="all_exist"
comment="tests the presence of try_cert_auth or require_cert_auth in /etc/pam.d/smartcard-auth"
id="test_sssd_enable_smartcards_allow_missing_name_smartcard_auth" version="2">
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
index b4d314374..585daaa7e 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
@@ -10,7 +10,7 @@ description: |-
<pre>[pam]
pam_cert_auth = True
</pre>
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include
"try_cert_auth" or "require_cert_auth" option, like in the following example:
<pre>
@@ -51,7 +51,7 @@ references:
pcidss4: "8.4"
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
stigid@ol8: OL08-00-020250
- stigid@rhel8: RHEL-08-020250
+ stigid@almalinux8: RHEL-08-020250
stigid@rhel9: RHEL-09-611165
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'smart cards are not enabled in SSSD'
@@ -62,7 +62,7 @@ ocil: |-
If configured properly, output should be
<pre>pam_cert_auth = True</pre>
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
To verify that smart cards are enabled in PAM files, run the following command:
<pre>$ sudo grep -e "auth.*pam_sss\.so.*\(allow_missing_name\|try_cert_auth\)" /etc/pam.d/smartcard-auth /etc/pam.d/system-auth</pre>
If configured properly, output should be
@@ -77,7 +77,7 @@ fixtext: |-
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
pam_cert_auth = True
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
Enable the <tt>with-smartcard</tt> feature using the <tt>authselect</tt> command:
sudo authselect enable-feature with-smartcard
sudo authselect apply-changes -b
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
index bcaae2a60..53947d224 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
index 5f4aaa725..be9cee3f3 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
2023-10-30 15:13:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
index 860e0bb6c..b1763e438 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
index 78b79752a..2f436c9e9 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
index aaf33d7b0..a20a8c190 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
index 85bb1de67..a1ef34292 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
index 43e19d382..2848e2072 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SSSD_FILE="/etc/sssd/sssd.conf"
rm -f $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
index 65eb8d8b3..87c26855d 100644
--- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
@@ -36,7 +36,7 @@ references:
nist: IA-5 (2) (a)
srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
stigid@ol8: OL08-00-010090
- stigid@rhel8: RHEL-08-010090
+ stigid@almalinux8: RHEL-08-010090
stigid@rhel9: RHEL-09-631010
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
warnings:
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
index 7cfba003b..fb36bb099 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
index e7d5d3916..ed768f876 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
index 3a5bd52c1..8c24e41bf 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
@@ -4,7 +4,7 @@
<criteria operator="OR">
<criterion comment="Check offline_credentials_expiration in /etc/sssd/sssd.conf"
test_ref="test_sssd_offline_cred_expiration" />
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
<criterion comment="Check cache_credentials in /etc/sssd/sssd.conf"
test_ref="test_sssd_cache_credentials" />
{{% endif %}}
@@ -20,7 +20,7 @@
<ind:pattern operation="pattern match">^[\s]*\[pam](?:[^\n\[]*\n+)+?[\s]*offline_credentials_expiration[\s]*=[\s]*1\s*(?:#.*)?$</ind:pattern>
<ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object>
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
<ind:textfilecontent54_test check="all" check_existence="any_exist"
comment="tests the value of cache_credentials setting in the /etc/sssd/sssd.conf file"
id="test_sssd_cache_credentials" version="1">
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
index 36187d683..113849b46 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
@@ -5,7 +5,7 @@ title: 'Configure SSSD to Expire Offline Credentials'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
description: |-
SSSD should be configured to expire offline credentials after 1 day.
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Check if SSSD allows cached authentications with the following command:
<pre>
$ sudo grep cache_credentials /etc/sssd/sssd.conf
@@ -46,7 +46,7 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
srg: SRG-OS-000383-GPOS-00166
stigid@ol8: OL08-00-020290
- stigid@rhel8: RHEL-08-020290
+ stigid@almalinux8: RHEL-08-020290
stigid@rhel9: RHEL-09-631020
stigid@sle12: SLES-12-010680
stigid@sle15: SLES-15-010500
@@ -55,7 +55,7 @@ references:
ocil_clause: 'it does not exist or is not configured properly'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil: |-
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Check if SSSD allows cached authentications with the following command:
<pre>
$ sudo grep cache_credentials /etc/sssd/sssd.conf
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
index b2d1fe155..93d7ed93e 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo -e "[pam]\noffline_credentials_expiration = 2" >> $SSSD_CONF
diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
index 3da9609d7..06586bd8a 100644
--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
MAIN_CONF="/etc/sssd/conf.d/ospp.conf"
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
index 599683567..8fa06fa65 100644
--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
index f066ef1bd..01254fa6f 100644
--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
index 331627492..72a361b30 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
@@ -1,3 +1,3 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
{{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}}
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
index 70864f734..9b0a73a0b 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215,SRG-APP-000141-CTR-000315
stigid@ol8: OL08-00-030603
- stigid@rhel8: RHEL-08-030603
+ stigid@almalinux8: RHEL-08-030603
stigid@rhel9: RHEL-09-291025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: package[usbguard]
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
index 9f18591b3..b49d5217a 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
index e9e56f124..b9eb36658 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
@@ -50,7 +50,7 @@ references:
nist: CM-8(3),IA-3
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040139
- stigid@rhel8: RHEL-08-040139
+ stigid@almalinux8: RHEL-08-040139
stigid@rhel9: RHEL-09-291015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
index e9c55dfb0..9be805c13 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
index 703949026..bb5493ff8 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040141
- stigid@rhel8: RHEL-08-040141
+ stigid@almalinux8: RHEL-08-040141
stigid@rhel9: RHEL-09-291020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the service is not enabled'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
index 5ef460be8..8a12559f6 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
{{% macro usbguard_hid_and_hub_config_source() %}}
allow with-interface match-all { 03:*:* 09:00:* }
{{%- endmacro -%}}
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
index cca593262..5ac5c0678 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
index 88d55f160..f2f336700 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
index c762f9318..9320755b5 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040140
- stigid@rhel8: RHEL-08-040140
+ stigid@almalinux8: RHEL-08-040140
stigid@rhel9: RHEL-09-291030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
index a5ff9b07b..71f4bc705 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Oracle Linux 7,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 7,Oracle Linux 8
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
index 55ecb9f2e..091e4ad14 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-040730
stigid@ol8: OL08-00-040320
stigid@rhel7: RHEL-07-040730
- stigid@rhel8: RHEL-08-040320
+ stigid@almalinux8: RHEL-08-040320
stigid@rhel9: RHEL-09-215070
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'xorg related packages are not removed and run level is not correctly configured'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
index 1d939a95f..737cf51fe 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
@@ -39,7 +39,7 @@ references:
nist-csf: PR.AC-3,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040321
- stigid@rhel8: RHEL-08-040321
+ stigid@almalinux8: RHEL-08-040321
stigid@rhel9: RHEL-09-211030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
index 33bb72648..0242c8c28 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
systemctl set-default multi-user.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
index 24c31a0dc..fd9a7b988 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
index 57c1de2de..2d5eb503c 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
systemctl set-default graphical.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
index 83f849522..c7be9f867 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
index 1dea09b2f..cbc23c694 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
index 63ceaaf88..e50ada3e4 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("login_banner_text") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index b6012519b..4ce615545 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -117,7 +117,7 @@ references:
stigid@ol7: OL07-00-010050
stigid@ol8: OL08-00-010060
stigid@rhel7: RHEL-07-010050
- stigid@rhel8: RHEL-08-010060
+ stigid@almalinux8: RHEL-08-010060
stigid@rhel9: RHEL-09-211020
stigid@sle12: SLES-12-010030
stigid@sle15: SLES-15-010020
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
index 5735d2035..0ca7771ef 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
index 4d77e8336..4ed727fc5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("motd_banner_text") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
index 5814a30bd..aa4aa4c5c 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
index 6e2c5bd63..21de86a25 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-010030
stigid@ol8: OL08-00-010049
stigid@rhel7: RHEL-07-010030
- stigid@rhel8: RHEL-08-010049
+ stigid@almalinux8: RHEL-08-010049
stigid@rhel9: RHEL-09-271010,RHEL-09-271015
stigid@sle12: SLES-12-010040
stigid@sle15: SLES-15-010080
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
index 86aff54f9..b295782b0 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
index 6601ba6b6..9056b451b 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-010040
stigid@ol8: OL08-00-010050
stigid@rhel7: RHEL-07-010040
- stigid@rhel8: RHEL-08-010050
+ stigid@almalinux8: RHEL-08-010050
stigid@sle12: SLES-12-010050
stigid@sle15: SLES-15-010090
stigid@ubuntu2004: UBTU-20-010003
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
index fd8e2c157..8e0462cbc 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_ncp
# packages = dconf,gdm
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
index 2f9826489..863f56cc5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
index 555e05c31..12c776b8b 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
index a9def9bfb..e1627ffc6 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
index 0859ad2d5..650278ab9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-010344
stigid@ol8: OL08-00-010385
stigid@rhel7: RHEL-07-010344
- stigid@rhel8: RHEL-08-010385
+ stigid@almalinux8: RHEL-08-010385
stigid@rhel9: RHEL-09-611145
stigid@sle12: SLES-12-010114
stigid@sle15: SLES-15-020104
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
index 428fbd7fa..390b6513d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
index badc79bff..f6c602159 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{%- if "sle" in product or "ubuntu" in product %}}
{{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
index b96e9f3db..c12b57eb3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-040530
stigid@ol8: OL08-00-020340
stigid@rhel7: RHEL-07-040530
- stigid@rhel8: RHEL-08-020340
+ stigid@almalinux8: RHEL-08-020340
stigid@rhel9: RHEL-09-412075
stigid@sle12: SLES-12-010390
stigid@sle15: SLES-15-020080
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
index 79b84c92e..a881bf04e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-silent-lastlog; then
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
index 60ede2a24..6e55b3281 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
index 15c424a2d..2182aabf1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-silent-lastlog; then
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
index 7144a4e52..525180f6b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
index 9c752e052..c38f0caf3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then
echo "session required pam_namespace.so" >> "/etc/pam.d/login"
fi
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
index d3eeadde6..2fef71784 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
@@ -20,7 +20,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020026
+ stigid@almalinux8: RHEL-08-020026
stigid@rhel9: RHEL-09-611035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
index 1c48f48e3..f614bf692 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
@@ -20,7 +20,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020025
+ stigid@almalinux8: RHEL-08-020025
stigid@rhel9: RHEL-09-611030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
index 680a2f520..a58fe6f40 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
@@ -22,7 +22,7 @@ references:
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020027,OL08-00-020028
- stigid@rhel8: RHEL-08-020027,RHEL-08-020028
+ stigid@almalinux8: RHEL-08-020027,RHEL-08-020028
stigid@rhel9: RHEL-09-431020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
index e9ecd879f..74e4c0b09 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
index 63d03f08d..e0eae4498 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
index 5e75c996c..ca16cf405 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
@@ -1,7 +1,7 @@
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
index e1eb0a970..79ba23b4a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
index 95c3a04db..37caefc2f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
index 365006509..2a10d041b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
index 98c92bbd4..3d5bc318d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020220
stigid@rhel7: RHEL-07-010270
- stigid@rhel8: RHEL-08-020220
+ stigid@almalinux8: RHEL-08-020220
stigid@rhel9: RHEL-09-611015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
index bef6bbcea..8263dd4a0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
index 111ed3df6..01534eda1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
index cc133d939..7e6f01471 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
index 006ff25ae..4239093a8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
index e16e7434b..6c362a5ac 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
index e5af75fdc..6bb8994e3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
index aef7595c6..041ed743f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
index f16643985..157d8c8f9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
index debcc53ca..a86b0a1d1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
index e4be20de0..a9d7e2ec1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
index a55f86dc3..5506f8c40 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
index 22d76c770..6b202abfd 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020221
stigid@rhel7: RHEL-07-010270
- stigid@rhel8: RHEL-08-020221
+ stigid@almalinux8: RHEL-08-020221
stigid@rhel9: RHEL-09-611020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
index fe238b41b..84c181749 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
index bc6d5ab7f..c3c002885 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
index dd12efbc1..349a46b94 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
index 21a16e3f7..a047688c8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
index 678ea16f7..59b70ce6c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
index e5af75fdc..6bb8994e3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
index 26cc946a1..b02926809 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
index e25a158f7..dcd7e77b1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
index 253d50de1..6665b7b06 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
index 658f8a3e4..de28cf579 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
index c830c07aa..3548b0341 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{% if product in [ "sle12", "sle15" ] %}}
{{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
index a18fa3d6c..41fe931e0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
index bc6d5ab7f..c3c002885 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
index dd12efbc1..349a46b94 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
index d774ac79a..668aa4bf0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
index 4ef7a3f61..8d3a28224 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if authselect list-features minimal | grep -q with-pwhistory; then
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
index 02d30f17a..0463e6008 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
index 7f6215029..5088ca82d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
index 3c1cea1d5..b622c4cc2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
index e25a158f7..dcd7e77b1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
index 253d50de1..6665b7b06 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
index 1eab1f8c4..f29521f1b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
index 021a400c0..09b9d3918 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
index 1bce7f622..954fc4e8d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
@@ -19,7 +19,7 @@ references:
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020020,OL08-00-020021
- stigid@rhel8: RHEL-08-020021
+ stigid@almalinux8: RHEL-08-020021
stigid@rhel9: RHEL-09-412045
stigid@ubuntu2004: UBTU-20-010072
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
index d805aa018..d188e828a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
index e1eb0a970..79ba23b4a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
index c35696fee..f9615fcef 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
index 5bbbc464e..15a644bba 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = authselect,pam
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
index 8ab749d4f..00c16754b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
index 449d912d0..22f5dc375 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
index f4a2acb18..3a67e37df 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020010,OL08-00-020011
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020011
+ stigid@almalinux8: RHEL-08-020011
stigid@rhel9: RHEL-09-411075
stigid@ubuntu2004: UBTU-20-010072
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
index b3232cc93..ec32d65f7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
index 24f5731f6..c118c9be0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
pam_files=("password-auth" "system-auth")
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
index aa3ca061d..6d383b228 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_deny=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
index 579e5670e..238b7431d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
index e770e300f..ceffa12a0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
index fd57152b8..0ee33185e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index efb57601c..4127e7265 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_deny=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
index b780f3203..bc0966113 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
index 595b85192..392d025a0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
index 2a6868f38..70448df97 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
index 09d8aeee0..72b3aeacb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
index 3c0e1430e..d1dd0ffc3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-010330
stigid@ol8: OL08-00-020022,OL08-00-020023
stigid@rhel7: RHEL-07-010330
- stigid@rhel8: RHEL-08-020023
+ stigid@almalinux8: RHEL-08-020023
stigid@rhel9: RHEL-09-411080
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{% if product == "rhel8" %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
index b3232cc93..ec32d65f7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
index 99025443d..850740db2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
pam_files=("password-auth" "system-auth")
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
index 476c4e77e..2152306fe 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
index 87bca6919..f2957144e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
2023-10-30 15:13:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
authselect enable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index 7c702d669..06c0d31e2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
index e199c9f99..81903f742 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
@@ -33,7 +33,7 @@ references:
nist: AC-7(b),AC-7(a),AC-7.1(ii)
srg: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128
stigid@ol8: OL08-00-020016,OL08-00-020017
- stigid@rhel8: RHEL-08-020016,RHEL-08-020017
+ stigid@almalinux8: RHEL-08-020016,RHEL-08-020017
stigid@rhel9: RHEL-09-411105
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "dir" option is not set to a non-default documented tally log directory, is missing or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
index 679e47bcc..4f798d486 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
index 6bb763cf5..9562ea10f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
index 2f08a7d47..19ae579cf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
index fd8e44443..9240e6cf3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
index e9c09b713..9fc45f3d1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("local_users_only", "") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
index 856bd56ea..71194a32f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
authselect disable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
index 075791de6..1ccb03dbd 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
authselect enable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index 978cccce6..8cc6c0b53 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
index 053f91100..04f362717 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# This test scenario manually modify the pam_faillock.so entries in auth section from
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
index 039fc5191..cb0f0134d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
index e7a0882f2..c07fd02e0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
index ecd22ef90..ed030b4f4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020012,OL08-00-020013
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020012,RHEL-08-020013
+ stigid@almalinux8: RHEL-08-020012,RHEL-08-020013
stigid@rhel9: RHEL-09-411085
stigid@ubuntu2004: UBTU-20-010072
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
index b3232cc93..ec32d65f7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
index 9a553893c..239179515 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
pam_files=("password-auth" "system-auth")
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
index 0b67e0e02..f4ab6a731 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
index 59daba0dd..f4d1b8bf0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
index 82bf9fa75..5ab933ad8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
index 74236e2fb..6341829be 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index ef2461160..c47470ab4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
index 95ad62037..0a78cef63 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
index c71a12afe..6dd3f50d6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
index 5e228a5f6..84040d04d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
@@ -29,7 +29,7 @@ references:
disa: CCI-002238,CCI-000044
srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
stigid@ol8: OL08-00-020018,OL08-00-020019
- stigid@rhel8: RHEL-08-020018,RHEL-08-020019
+ stigid@almalinux8: RHEL-08-020018,RHEL-08-020019
stigid@ubuntu2004: UBTU-20-010072
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the system shows messages when three unsuccessful logon attempts occur'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
index fdd0c4c06..ec8195db8 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
2022-06-29 08:41:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
index ebabc6518..b02f953cc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
2023-10-30 15:13:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
index a10547339..c01c35a48 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
index f73c751f5..146acc847 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
2023-10-30 15:13:07 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
index 514b2bb37..79374ea78 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
index 230ff5eaa..c53da64d0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
index 3a32aad36..d1f4a0327 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
index b2ea25f78..7ff4967ac 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
@@ -65,7 +65,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020014,OL08-00-020015
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020014,RHEL-08-020015
+ stigid@almalinux8: RHEL-08-020014,RHEL-08-020015
stigid@rhel9: RHEL-09-411090
stigid@ubuntu2004: UBTU-20-010072
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
index b3232cc93..ec32d65f7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
index d547b0e35..925fc0dbe 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
pam_files=("password-auth" "system-auth")
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
index 057348eb4..0b2000ba3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
index 1be527fa2..068b4ead0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
index 1840cae45..953ba3353 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
index 838ab7c53..4f717ef5a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index b7b1532bb..5b8279841 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
index e271e2689..d04463db4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{%- if product in ["rhel7"] %}}
# packages = authconfig
{{%- else %}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
index a57645eb1..a7e7b8e9c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
index 2a2f7076e..d88b55261 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010140
stigid@ol8: OL08-00-020130
stigid@rhel7: RHEL-07-010140
- stigid@rhel8: RHEL-08-020130
+ stigid@almalinux8: RHEL-08-020130
stigid@rhel9: RHEL-09-611070
stigid@ubuntu2004: UBTU-20-010052
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
index 6f3644a50..ec6a61a97 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
@@ -32,7 +32,7 @@ references:
nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4)
srg: SRG-OS-000480-GPOS-00225
stigid@ol8: OL08-00-020300
- stigid@rhel8: RHEL-08-020300
+ stigid@almalinux8: RHEL-08-020300
stigid@rhel9: RHEL-09-611105
stigid@ubuntu2004: UBTU-20-010056
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
index b624c85ee..235d97c97 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-010160
stigid@ol8: OL08-00-020170
stigid@rhel7: RHEL-07-010160
- stigid@rhel8: RHEL-08-020170
+ stigid@almalinux8: RHEL-08-020170
stigid@rhel9: RHEL-09-611115
stigid@ubuntu2004: UBTU-20-010053
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
index 97155923c..03a247a3e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010130
stigid@ol8: OL08-00-020120
stigid@rhel7: RHEL-07-010130
- stigid@rhel8: RHEL-08-020120
+ stigid@almalinux8: RHEL-08-020120
stigid@rhel9: RHEL-09-611065
stigid@ubuntu2004: UBTU-20-010051
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
index 12a53da33..7b5e527a3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-010190
stigid@ol8: OL08-00-020140
stigid@rhel7: RHEL-07-010190
- stigid@rhel8: RHEL-08-020140
+ stigid@almalinux8: RHEL-08-020140
stigid@rhel9: RHEL-09-611120
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: the value of "maxclassrepeat" is set to "0", more than "{{{ xccdf_value("var_password_pam_maxclassrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
index 3a9a9b66f..d4318c674 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-010180
stigid@ol8: OL08-00-020150
stigid@rhel7: RHEL-07-010180
- stigid@rhel8: RHEL-08-020150
+ stigid@almalinux8: RHEL-08-020150
stigid@rhel9: RHEL-09-611125
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
index 5865b5d32..0fc0ceeb9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-010170
stigid@ol8: OL08-00-020160
stigid@rhel7: RHEL-07-010170
- stigid@rhel8: RHEL-08-020160
+ stigid@almalinux8: RHEL-08-020160
stigid@rhel9: RHEL-09-611130
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
index a47d1052d..6e15f685c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-010280
stigid@ol8: OL08-00-020230
stigid@rhel7: RHEL-07-010280
- stigid@rhel8: RHEL-08-020230
+ stigid@almalinux8: RHEL-08-020230
stigid@rhel9: RHEL-09-611090
stigid@ubuntu2004: UBTU-20-010054
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
index 4ec95bbc0..cc6092638 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010150
stigid@ol8: OL08-00-020280
stigid@rhel7: RHEL-07-010150
- stigid@rhel8: RHEL-08-020280
+ stigid@almalinux8: RHEL-08-020280
stigid@rhel9: RHEL-09-611100
stigid@ubuntu2004: UBTU-20-010055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
index 06f7962fd..dc6eea20d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
index a55859203..377efc82e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
index 90a06a460..1b556d644 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
@@ -24,7 +24,7 @@ references:
disa: CCI-000366
srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020100
- stigid@rhel8: RHEL-08-020100
+ stigid@almalinux8: RHEL-08-020100
stigid@rhel9: RHEL-09-611040
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'pam_pwquality.so is not enabled in password-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
index 81d2955d3..8c9b1d1f2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
index 4bb7a4872..f73dd8b0f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
index 32ce46407..168ca249a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
index 0f9b75cec..75ac241d9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/password-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
index 61c28f2d6..30166c800 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
index 90484d66f..81664de52 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
index 4ea10f4c4..6c1de4e4c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/system-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
index c7c408229..f3a817cd9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
@@ -24,7 +24,7 @@ references:
disa: CCI-000366
2021-11-17 13:33:00 +00:00
srg: SRG-OS-000480-GPOS-00227
2024-03-04 15:52:37 +00:00
stigid@ol8: OL08-00-020101
- stigid@rhel8: RHEL-08-020101
+ stigid@almalinux8: RHEL-08-020101
stigid@rhel9: RHEL-09-611045
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'pam_pwquality.so is not enabled in system-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
index f68622be4..c8e13631a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
index 0de6065a2..57e6c8bdb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
index 03a4ef295..31b622c66 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
index ae0ed105d..cc1f3ca20 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
index 60ebfdeba..2b9d40cf6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
index 36e9a27b9..fe1b603ab 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
index de894c403..0764b83d1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010119
stigid@ol8: OL08-00-020102,OL08-00-020103,OL08-00-020104
stigid@rhel7: RHEL-07-010119
- stigid@rhel8: RHEL-08-020104
+ stigid@almalinux8: RHEL-08-020104
stigid@rhel9: RHEL-09-611010
stigid@ubuntu2004: UBTU-20-010057
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
index 03723cd8c..1df4f1d61 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
index 19cac93f4..4a5b1142b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
index ae605f717..db875782d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
index ce7f4b7a3..0aeb8535b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
index 962112d6a..f0db47d5e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
index ea2eb57fe..033bbbceb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
index 2fe0e6975..d331f0ead 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-010120
stigid@ol8: OL08-00-020110
stigid@rhel7: RHEL-07-010120
- stigid@rhel8: RHEL-08-020110
+ stigid@almalinux8: RHEL-08-020110
stigid@rhel9: RHEL-09-611110
stigid@ubuntu2004: UBTU-20-010050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
index b3e32aa31..547d137b1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
2021-11-17 13:33:00 +00:00
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
index 115273566..bd94d707c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
LIBUSER_CONF="/etc/libuser.conf"
CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
index 8dedf993c..51c76b11a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
2021-11-17 13:33:00 +00:00
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
index 2712118e5..d4ec2c50c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_password_hashing_algorithm") }}}
{{{ bash_replace_or_append('/etc/login.defs', '^ENCRYPT_METHOD', "$var_password_hashing_algorithm", '%s %s') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
index e1b055c2d..fbcbb14bb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-010210
stigid@ol8: OL08-00-010110
stigid@rhel7: RHEL-07-010210
- stigid@rhel8: RHEL-08-010110
+ stigid@almalinux8: RHEL-08-010110
stigid@rhel9: RHEL-09-611140
stigid@sle12: SLES-12-010210
stigid@sle15: SLES-15-010260
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
index 31c14211e..be9f04642 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
# reboot = false
# strategy = configure
2021-11-17 13:33:00 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
index 55f43ef98..2b993b52b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'sha512', '', '') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
index cbaf2717b..ad1f92b4f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-010200
stigid@ol8: OL08-00-010160
stigid@rhel7: RHEL-07-010200
- stigid@rhel8: RHEL-08-010160
+ stigid@almalinux8: RHEL-08-010160
stigid@rhel9: RHEL-09-671025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
index 17a57e1e1..69875871e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
index b76a6118f..03d3c9c82 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
index 0ca781181..ff6ba0c88 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
PASSWORD_AUTH_FILE="/etc/pam.d/password-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
index f72c7bde2..096a6a6a1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index 484a256ac..c91a3e72a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -72,7 +72,7 @@ references:
stigid@ol7: OL07-00-010200
stigid@ol8: OL08-00-010159
stigid@rhel7: RHEL-07-010200
- stigid@rhel8: RHEL-08-010159
+ stigid@almalinux8: RHEL-08-010159
stigid@sle12: SLES-12-010230
stigid@sle15: SLES-15-020170
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
index 74ea0c265..13bf2f931 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
index f74ccbd86..50be3f04b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
@@ -1,6 +1,6 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
index 27be252bc..ee688c907 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
index d4b163f24..521579a20 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
index 2fc9a1715..8f46a5ffd 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
@@ -35,7 +35,7 @@ references:
nist@sle12: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010130
- stigid@rhel8: RHEL-08-010130
+ stigid@almalinux8: RHEL-08-010130
stigid@rhel9: RHEL-09-611150
stigid@sle12: SLES-12-010240
stigid@sle15: SLES-15-020190
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
index 3045574e5..7ce6bb466 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
index e5b165ba3..7a3f082b9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -71,7 +71,7 @@ references:
ospp: FAU_GEN.1.2
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040172
- stigid@rhel8: RHEL-08-040172
+ stigid@almalinux8: RHEL-08-040172
stigid@rhel9: RHEL-09-211045
stigid@sle15: SLES-15-040062
stigid@ubuntu2004: UBTU-20-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
index 517c83c6e..041e9a29c 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 19920708b..bff43f513 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -76,7 +76,7 @@ references:
stigid@ol7: OL07-00-020230
stigid@ol8: OL08-00-040170
stigid@rhel7: RHEL-07-020230
- stigid@rhel8: RHEL-08-040170
+ stigid@almalinux8: RHEL-08-040170
stigid@rhel9: RHEL-09-211050
stigid@sle12: SLES-12-010610
stigid@sle15: SLES-15-040060
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
index df962ec25..fd5529e69 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
systemctl disable --now ctrl-alt-del.target
systemctl mask --now ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
index faf4c11dc..ddbab8acb 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
@@ -1,4 +1,4 @@
2021-09-15 11:41:44 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
systemctl unmask ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
index adfa0871c..3af531ad1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
@@ -41,7 +41,7 @@ references:
pcidss: Req-8.1.8
srg: SRG-OS-000163-GPOS-00072
stigid@ol8: OL08-00-020035
- stigid@rhel8: RHEL-08-020035
+ stigid@almalinux8: RHEL-08-020035
stigid@rhel9: RHEL-09-412080
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: "the option is not configured"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
index a3490a60d..b0c3f31d6 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
@@ -18,7 +18,7 @@
create: yes
dest: /usr/lib/systemd/system/emergency.service
regexp: "^#?ExecStart="
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] -%}}
line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency"
{{%- else -%}}
line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
index 2a65ef992..319be43db 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
@@ -7,7 +7,7 @@ service_dropin_file="${service_dropin_cfg_dir}/10-oscap.conf"
service_file="/usr/lib/systemd/system/emergency.service"
{{% endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency"
{{%- else -%}}
sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
index 90ef51b2a..cf288e66b 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
@@ -24,7 +24,7 @@
</definition>
<ind:textfilecontent54_test check="all" check_existence="all_exist"
comment="Tests that
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
/usr/lib/systemd/systemd-sulogin-shell
{{%- else -%}}
/sbin/sulogin
@@ -36,7 +36,7 @@
</ind:textfilecontent54_test>
<ind:textfilecontent54_object id="obj_require_emergency_service" version="1">
<ind:filepath>/usr/lib/systemd/system/emergency.service</ind:filepath>
- {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
<ind:pattern operation="pattern match">^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency</ind:pattern>
{{%- else -%}}
<ind:pattern operation="pattern match">^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"</ind:pattern>
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
index dfeba9cd9..d7752da13 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
@@ -44,7 +44,7 @@ references:
srg: SRG-OS-000080-GPOS-00048
stigid@ol7: OL07-00-010481
stigid@ol8: OL08-00-010152
- stigid@rhel8: RHEL-08-010152
+ stigid@almalinux8: RHEL-08-010152
stigid@rhel9: RHEL-09-611195
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the output is different'
@@ -53,7 +53,7 @@ ocil: |-
To check if authentication is required for emergency mode, run the following command:
<pre>$ grep sulogin /usr/lib/systemd/system/emergency.service</pre>
The output should be similar to the following, and the line must begin with
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
<pre>ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</pre>
{{%- else -%}}
@@ -81,7 +81,7 @@ fixtext: |-
Configure {{{ full_name }}} to require authentication for system emergency mode.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
Add or edit the following line in "/usr/lib/systemd/system/emergency.service":
- {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{%- else -%}}
ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
index bce932b72..e446c7836 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
service_file="/usr/lib/systemd/system/emergency.service"
sulogin="/usr/lib/systemd/systemd-sulogin-shell"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
index d9fdc678f..a4f6ea6a9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
service_file="/usr/lib/systemd/system/emergency.service"
sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
index 225a73f0b..4e40c7c34 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
@@ -9,7 +9,7 @@
create: yes
dest: /usr/lib/systemd/system/rescue.service
regexp: "^#?ExecStart="
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue"
{{% elif product in ["rhel7"] %}}
line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
index e4624e582..ee5d8b52c 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
@@ -2,7 +2,7 @@
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
service_file="/usr/lib/systemd/system/rescue.service"
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue"
{{%- elif product in ["rhel7"] -%}}
sulogin='/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
index 62fd1a76a..bb8a6b6a7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
@@ -14,7 +14,7 @@
</definition>
<ind:textfilecontent54_test check="all" check_existence="all_exist"
comment="Tests that
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
/usr/lib/systemd/systemd-sulogin-shell
{{%- else -%}}
/sbin/sulogin
@@ -26,7 +26,7 @@
</ind:textfilecontent54_test>
<ind:textfilecontent54_object id="obj_require_rescue_service" version="1">
<ind:filepath>/usr/lib/systemd/system/rescue.service</ind:filepath>
- {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
+ {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
<ind:pattern operation="pattern match">^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue</ind:pattern>
{{%- else -%}}
<ind:pattern operation="pattern match">^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"</ind:pattern>
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index b02795a25..88e89d60e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-010481
stigid@ol8: OL08-00-010151
stigid@rhel7: RHEL-07-010481
- stigid@rhel8: RHEL-08-010151
+ stigid@almalinux8: RHEL-08-010151
stigid@rhel9: RHEL-09-611200
ocil_clause: 'the output is different'
@@ -57,7 +57,7 @@ ocil: |-
To check if authentication is required for single-user mode, run the following command:
<pre>$ grep sulogin /usr/lib/systemd/system/rescue.service</pre>
The output should be similar to the following, and the line must begin with
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "rhcos4"] -%}}
ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
<pre>ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue</pre>
{{%- elif product in ["rhel7"] -%}}
@@ -90,7 +90,7 @@ fixtext: |-
Configure {{{ full_name }}} to require authentication in single user mode.
Add or update the following line in "/usr/lib/systemd/system/rescue.service":
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
{{%- elif product in ["rhel7"] -%}}
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
index fd13fbd1c..18d27a02a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
2022-06-29 08:41:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
service_file="/usr/lib/systemd/system/rescue.service"
sulogin="/usr/lib/systemd/systemd-sulogin-shell"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
index 63b9b08b5..15abe6cec 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
service_file="/usr/lib/systemd/system/rescue.service"
sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
index 5c6dd41e1..c0ce5f53a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2022-06-29 08:41:07 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = configure
2022-06-29 08:41:07 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
index f47326940..42d591752 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2022-06-29 08:41:07 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = configure
2022-06-29 08:41:07 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
index 0afa3d155..39eaf19f9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
@@ -26,7 +26,7 @@ references:
disa: CCI-000056,CCI-000058
srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020041
- stigid@rhel8: RHEL-08-020041
+ stigid@almalinux8: RHEL-08-020041
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: package[tmux]
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
index dc63eb653..dc6931307 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
index 7dc00349c..8c7766803 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol8: OL08-00-020070
- stigid@rhel8: RHEL-08-020070
+ stigid@almalinux8: RHEL-08-020070
stigid@rhel9: RHEL-09-412025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
index ca1def0cd..753e7f7ff 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
@@ -29,7 +29,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020040
- stigid@rhel8: RHEL-08-020040
+ stigid@almalinux8: RHEL-08-020040
stigid@rhel9: RHEL-09-412020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
index ddfb97fa4..5213cdee6 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
chmod 0644 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
index 38bf0f874..696a2bba2 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo > '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
index 5c630fa9e..6aebf9f3d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo '# set -g lock-command vlock' >> '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
index ec984bb94..8d4f4eb93 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
chmod 0600 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
index acd297d55..d8dc1cd00 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo 'set -g lock-command locker' >> '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
index 60f91e405..7e62e1c3b 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
@@ -25,7 +25,7 @@ references:
disa: CCI-000056
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020040
- stigid@rhel8: RHEL-08-020040
+ stigid@almalinux8: RHEL-08-020040
stigid@rhel9: RHEL-09-412020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: package[tmux]
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
index 9977bec01..501e4bd18 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
echo 'bind W lock-session' >> '/etc/tmux.conf'
chmod 0644 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
index 6bfc77c2e..5d4b3f329 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
echo 'bind X lock-session' >> '/etc/tmux.conf'
chmod 0644 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
index 38bf0f874..696a2bba2 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
echo > '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
index d3836153e..113f74ee0 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
echo '# bind X lock-session' >> '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
index 32f662e4e..0d4acb21a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
echo 'bind X lock-session' >> '/etc/tmux.conf'
chmod 0600 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
index 6b2d6cd5e..c20712c9f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
index 7273c0e03..c34853fd9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
@@ -25,7 +25,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020042
- stigid@rhel8: RHEL-08-020042
+ stigid@almalinux8: RHEL-08-020042
stigid@rhel9: RHEL-09-412030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'tmux is listed in /etc/shells'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
index db6774627..2ad46e676 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
@@ -42,7 +42,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009
stigid@ol8: OL08-00-020039
- stigid@rhel8: RHEL-08-020039
+ stigid@almalinux8: RHEL-08-020039
stigid@rhel9: RHEL-09-412010
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
index f79727a03..49f74f418 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 036d0faf9..9f5cf165f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-041001
stigid@ol8: OL08-00-010390
stigid@rhel7: RHEL-07-041001
- stigid@rhel8: RHEL-08-010390
+ stigid@almalinux8: RHEL-08-010390
stigid@rhel9: RHEL-09-215075
stigid@sle12: SLES-12-030500
stigid@sle15: SLES-15-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
index 4da85dda7..76ae6bcad 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
@@ -35,7 +35,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161
stigid@ol8: OL08-00-010410
- stigid@rhel8: RHEL-08-010410
+ stigid@almalinux8: RHEL-08-010410
stigid@rhel9: RHEL-09-611185
stigid@ubuntu2004: UBTU-20-010064
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
index 18231e23a..c986f5c73 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
index d321bc5a4..1ee8fabf6 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_package_install("pam_pkcs11") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
index c2afecc19..652fbedb7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
# packages = openssl-pkcs11
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
index d7103cc0a..68c252f78 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# packages = openssl-pkcs11
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
index c0cc3c94f..6db041b04 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# packages = openssl-pkcs11
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
index ff493491e..082c8e61a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
index b2121a966..ae703a302 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
@@ -37,7 +37,7 @@ references:
ospp: FIA_UAU.1
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040180
- stigid@rhel8: RHEL-08-040180
+ stigid@almalinux8: RHEL-08-040180
stigid@rhel9: RHEL-09-211055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
index 74598bc7e..680caf4ba 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
index f299285d4..52e841b61 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 36992fe58..03e043c29 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-010310
stigid@ol8: OL08-00-020260
stigid@rhel7: RHEL-07-010310
- stigid@rhel8: RHEL-08-020260
+ stigid@almalinux8: RHEL-08-020260
stigid@rhel9: RHEL-09-411050
stigid@sle12: SLES-12-010340
stigid@sle15: SLES-15-020050
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
index 8391e5031..ea01f09d5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
@@ -45,7 +45,7 @@ references:
stigid@ol7: OL07-00-010271
stigid@ol8: OL08-00-020000
stigid@rhel7: RHEL-07-010271
- stigid@rhel8: RHEL-08-020000,RHEL-08-020270
+ stigid@almalinux8: RHEL-08-020000,RHEL-08-020270
stigid@rhel9: RHEL-09-411040
stigid@sle12: SLES-12-010360
stigid@sle15: SLES-15-020000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index 4d205d4d1..d5bd37e52 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -30,7 +30,7 @@ references:
pcidss4: "8.2.1"
srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020
stigid@ol8: OL08-00-020240
- stigid@rhel8: RHEL-08-020240
+ stigid@almalinux8: RHEL-08-020240
stigid@rhel9: RHEL-09-411030
stigid@sle12: SLES-12-010640
stigid@sle15: SLES-15-010230
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
index 6961aae77..21c51a849 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-020270
stigid@ol8: OL08-00-020320
stigid@rhel7: RHEL-07-020270
- stigid@rhel8: RHEL-08-020320
+ stigid@almalinux8: RHEL-08-020320
stigid@rhel9: RHEL-09-411095
stigid@sle12: SLES-12-010630
stigid@sle15: SLES-15-020090
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
index aa147fdce..bb8288f5b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
@@ -1,5 +1,5 @@
#! /bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# variables = var_accounts_authorized_local_users_regex=^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
index 1e571bcbf..7901ceae0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index 44c8e8b7f..d853a69a8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-010250
stigid@ol8: OL08-00-020200
stigid@rhel7: RHEL-07-010250
- stigid@rhel8: RHEL-08-020200
+ stigid@almalinux8: RHEL-08-020200
stigid@rhel9: RHEL-09-411010
stigid@sle12: SLES-12-010280
stigid@sle15: SLES-15-020220
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
index 0c81c0ee5..29f31c654 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index 82a14340f..77049983f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-010230
stigid@ol8: OL08-00-020190
stigid@rhel7: RHEL-07-010230
- stigid@rhel8: RHEL-08-020190
+ stigid@almalinux8: RHEL-08-020190
stigid@rhel9: RHEL-09-611075
stigid@sle12: SLES-12-010260
stigid@sle15: SLES-15-020200
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
index b04d7cdb8..0d5a5831e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
index dcc5de3f1..268aafbab 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}}
{{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
index 37a247f30..d7fc1f363 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
@@ -47,7 +47,7 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
srg: SRG-OS-000078-GPOS-00046
stigid@ol8: OL08-00-020231
- stigid@rhel8: RHEL-08-020231
+ stigid@almalinux8: RHEL-08-020231
stigid@rhel9: RHEL-09-611095
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'it is not set to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
index cb388dd9b..58223531f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
2021-11-17 13:33:00 +00:00
@@ -1,7 +1,7 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
index 7aaac8c68..1f1c11f06 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
index 89ab4795b..d7b8f29f4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
index 00649b0bf..6d8d8f7d4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
index 3772aee13..4dfc4668b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
index e387ed756..bcf05096d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
index 8ff7cba19..14ece5d17 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index e12e98e94..3869754ce 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-010260
stigid@ol8: OL08-00-020210
stigid@rhel7: RHEL-07-010260
- stigid@rhel8: RHEL-08-020210
+ stigid@almalinux8: RHEL-08-020210
stigid@rhel9: RHEL-09-411015
stigid@sle12: SLES-12-010290
stigid@sle15: SLES-15-020230
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index 32bb06866..6e9730a10 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-010240
stigid@ol8: OL08-00-020180
stigid@rhel7: RHEL-07-010240
- stigid@rhel8: RHEL-08-020180
+ stigid@almalinux8: RHEL-08-020180
stigid@rhel9: RHEL-09-611080
stigid@sle12: SLES-12-010270
stigid@sle15: SLES-15-020210
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
index 4994ff315..e8469b8e9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
index de8560f12..7c5b932c6 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -37,7 +37,7 @@ references:
nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010120
- stigid@rhel8: RHEL-08-010120
+ stigid@almalinux8: RHEL-08-010120
stigid@rhel9: RHEL-09-671015
stigid@sle12: SLES-12-010220
stigid@sle15: SLES-15-020180
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
index 82110016d..2a73ed386 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
index a40010714..d244fc548 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
index 3e24ba16a..f3030f2af 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
index 39690d88d..f85baccad 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
index 9c99fc307..582d69dd0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
index dc8b11e2d..776921f27 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
index 96bcc3e23..0e90d7d60 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=4000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
index c0b520bdf..70ab14cba 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
index 8316e495a..bf8a4c240 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
index 3da866412..de98db38a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
index 67a052f98..7bcaa94f0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
index 3e62935b5..9c2631a46 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
index 85bbbdb7f..2a9b3947b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
index 244799045..be78a8508 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ROUNDS=4000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
index 26f00c7de..c9494b5fc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = configure
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
index a59d563d7..331a34b2c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
index ad3133b1f..eac1b843a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
index 33f9a8298..c4dbe8bd3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-010290
stigid@ol8: OL08-00-020331,OL08-00-020332
stigid@rhel7: RHEL-07-010290
- stigid@rhel8: RHEL-08-020331,RHEL-08-020332
+ stigid@almalinux8: RHEL-08-020331,RHEL-08-020332
stigid@rhel9: RHEL-09-611025
stigid@sle12: SLES-12-010231
stigid@sle15: SLES-15-020300
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
index 1dd45236b..6766ce732 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
index 0dfb32e31..03bcd23d1 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
index 9dc5d7677..a16c83995 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = authselect
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
index d1318756d..30714ddf7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-010291
stigid@ol8: OL08-00-010121
stigid@rhel7: RHEL-07-010291
- stigid@rhel8: RHEL-08-010121
+ stigid@almalinux8: RHEL-08-010121
stigid@rhel9: RHEL-09-611155
stigid@sle12: SLES-12-010221
stigid@sle15: SLES-15-020181
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index 6ef6e7166..26c9fc739 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-020310
stigid@ol8: OL08-00-040200
stigid@rhel7: RHEL-07-020310
- stigid@rhel8: RHEL-08-040200
+ stigid@almalinux8: RHEL-08-040200
stigid@rhel9: RHEL-09-411100
stigid@sle12: SLES-12-010650
stigid@sle15: SLES-15-020100
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
index 888cc054f..2b7d571ad 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
index 7bbfd7675..3d438fe7a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
index 8f87bf06e..6bed5ef5a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
index 5f9c92aac..119219eb0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
index 945940087..c71e3c698 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
index e7f5c730c..8f06c6cfa 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
index bd1ba1ccb..d139fdda4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# uncomment the option if commented
sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
index e236b1ec2..d84d7345f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
index d16374ffd..1ae066fd9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
PAM_CONF=/etc/pam.d/su
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
index 05db805a9..e26fc1ed1 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-020610
stigid@ol8: OL08-00-010760
stigid@rhel7: RHEL-07-020610
- stigid@rhel8: RHEL-08-010760
+ stigid@almalinux8: RHEL-08-010760
stigid@rhel9: RHEL-09-411020
stigid@sle12: SLES-12-010720
stigid@sle15: SLES-15-020110
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
index 53b68079e..2a6b66121 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol
# disruption = low
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
index 23e6f0dd5..6055798dd 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_fail_delay") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
index ff6e6b0e0..6b0015b41 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-010430
stigid@ol8: OL08-00-020310
stigid@rhel7: RHEL-07-010430
- stigid@rhel8: RHEL-08-020310
+ stigid@almalinux8: RHEL-08-020310
stigid@rhel9: RHEL-09-412050
stigid@sle12: SLES-12-010140
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
index 536ac2956..d1bff5ffa 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
index 0005b2ccb..0329d6cdf 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
index 3242bb77e..f1bc3df6f 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-040000
stigid@ol8: OL08-00-020024
stigid@rhel7: RHEL-07-040000
- stigid@rhel8: RHEL-08-020024
+ stigid@almalinux8: RHEL-08-020024
stigid@rhel9: RHEL-09-412040
stigid@sle12: SLES-12-010120
stigid@sle15: SLES-15-020020
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
index 8f060f47d..099a8f029 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
index bb4f52f3a..af6adefb0 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
index bfc919f82..89b509d0c 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
@@ -36,7 +36,7 @@ references:
stigid@ol7: OL07-00-020730
stigid@ol8: OL08-00-010660
stigid@rhel7: RHEL-07-020730
- stigid@rhel8: RHEL-08-010660
+ stigid@almalinux8: RHEL-08-010660
stigid@rhel9: RHEL-09-411115
stigid@sle12: SLES-12-010780
stigid@sle15: SLES-15-040130
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
index 3cad08ecd..055d4d27d 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
@@ -34,7 +34,7 @@ references:
stigid@ol7: OL07-00-020720
stigid@ol8: OL08-00-010690
stigid@rhel7: RHEL-07-020720
- stigid@rhel8: RHEL-08-010690
+ stigid@almalinux8: RHEL-08-010690
stigid@rhel9: RHEL-09-411055
stigid@sle12: SLES-12-010770
stigid@sle15: SLES-15-040120
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
index 6c4ebf5a6..014269578 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -30,7 +30,7 @@ references:
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010720
stigid@rhel7: RHEL-07-020600
- stigid@rhel8: RHEL-08-010720
+ stigid@almalinux8: RHEL-08-010720
stigid@rhel9: RHEL-09-411060
stigid@sle12: SLES-12-010710
stigid@sle15: SLES-15-040070
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 44af82586..65cde347e 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-020620
stigid@ol8: OL08-00-010750
stigid@rhel7: RHEL-07-020620
- stigid@rhel8: RHEL-08-010750
+ stigid@almalinux8: RHEL-08-010750
stigid@rhel9: RHEL-09-411065
stigid@sle12: SLES-12-010730
stigid@sle15: SLES-15-040080
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
index db0266c42..a23e040dc 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-020670
stigid@ol8: OL08-00-010741
stigid@rhel7: RHEL-07-020670
- stigid@rhel8: RHEL-08-010741
+ stigid@almalinux8: RHEL-08-010741
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the group ownership is incorrect'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
index 00eaf4d82..f4da31128 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
@@ -29,7 +29,7 @@ references:
stigid@ol7: OL07-00-020680
stigid@ol8: OL08-00-010731
stigid@rhel7: RHEL-07-020680
- stigid@rhel8: RHEL-08-010731
+ stigid@almalinux8: RHEL-08-010731
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'home directory files or folders have incorrect permissions'
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index f5207507d..b679c7346 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-020650
stigid@ol8: OL08-00-010740
stigid@rhel7: RHEL-07-020650
- stigid@rhel8: RHEL-08-010740
+ stigid@almalinux8: RHEL-08-010740
stigid@rhel9: RHEL-09-411070
stigid@sle12: SLES-12-010750
stigid@sle15: SLES-15-040100
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
index af9de41bb..de12600de 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-020710
stigid@ol8: OL08-00-010770
stigid@rhel7: RHEL-07-020710
- stigid@rhel8: RHEL-08-010770
+ stigid@almalinux8: RHEL-08-010770
stigid@rhel9: RHEL-09-232045
stigid@sle12: SLES-12-010760
stigid@sle15: SLES-15-040110
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index 5533ddb54..7467d0fcb 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -35,7 +35,7 @@ references:
stigid@ol7: OL07-00-020630
stigid@ol8: OL08-00-010730
stigid@rhel7: RHEL-07-020630
- stigid@rhel8: RHEL-08-010730
+ stigid@almalinux8: RHEL-08-010730
stigid@rhel9: RHEL-09-232050
stigid@sle12: SLES-12-010740
stigid@sle15: SLES-15-040090
diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
index 5bfb963a1..77807dbfb 100644
--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
index c1809dbd2..9d33dee0c 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -50,7 +50,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
stigid@rhel9: RHEL-09-412055
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
platform: package[bash]
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
index 5dac9eec3..e28301101 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
# packages = bash
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
sed -i '/umask/d' /etc/bashrc
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
index 0f681a6db..846b47fee 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
2023-10-30 15:13:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_accounts_user_umask") }}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
index 66dd2ac52..e78b416c6 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
stigid@rhel9: RHEL-09-412060
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "umask" parameter is missing or is commented out'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
index 04f6247a8..bd02cb830 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_stig
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i '/umask/d' /etc/csh.cshrc
echo "umask 077" >> /etc/csh.cshrc
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
index 5beaa22dc..e9bd5faac 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-020240
stigid@ol8: OL08-00-020351
stigid@rhel7: RHEL-07-020240
- stigid@rhel8: RHEL-08-020351
+ stigid@almalinux8: RHEL-08-020351
stigid@rhel9: RHEL-09-412065
stigid@sle12: SLES-12-010620
stigid@sle15: SLES-15-040420
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
index 5584be566..02beb8e8d 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
@@ -46,7 +46,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
stigid@rhel9: RHEL-09-412070
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
index a9d6266e4..4d1638c07 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-021040
stigid@ol8: OL08-00-020352
stigid@rhel7: RHEL-07-021040
- stigid@rhel8: RHEL-08-020352
+ stigid@almalinux8: RHEL-08-020352
stigid@rhel9: RHEL-09-411025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077"'
diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
index ec75bf6d2..eb2aa2ea1 100644
--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2024-03-04 15:52:37 +00:00
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
index a545d9791..383a6ee76 100644
--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2024-03-04 15:52:37 +00:00
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
touch /etc/pam.d/{password,system}-auth-{mycustomconfig,ac}
diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
index 82fb5d543..2dbee752d 100644
--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
+++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2024-03-04 15:52:37 +00:00
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
index ef7e5cc46..cd071b475 100644
--- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
index 31c46debf..9b4e3abe2 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = authselect,pam
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
index ac68df9e0..f589bfb44 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = authselect,pam
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
authselect select minimal --force
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
index 3bd07c62e..e328ca74c 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = authselect,pam
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index ec789a5c1..4e395cb3d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index 95752040a..6e038b392 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index 224bfa25e..6ed40cfb7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 5bef7b854..25a8d6a97 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@rhel9: RHEL-09-654015
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index 78a1cb522..29701e294 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index b007a8a8d..85ff8153e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index a27c40600..430845ac6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -11,13 +11,13 @@ description: |-
startup (the default), add the following line to a file with suffix
<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
@@ -25,13 +25,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -80,7 +80,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 01286a2ab..a1a7708fc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -75,7 +75,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 5d1020b16..28f6e6d6a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@rhel9: RHEL-09-654020
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index d5b4fe1e9..548e45250 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -11,13 +11,13 @@ description: |-
startup (the default), add the following line to a file with suffix
<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
@@ -25,13 +25,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -80,7 +80,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index 9f75c0f81..ab4490051 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -75,7 +75,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index c61fcfbae..ef632536a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -10,13 +10,13 @@ description: |-
program to read audit rules during daemon startup (the default), add the
following line to a file with suffix <tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
@@ -24,13 +24,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S removexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
<br /><br />
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S removexattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -79,7 +79,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index eeb9088ed..5c791ffc2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
<tt>.rules</tt> in the directory <tt>/etc/audit/rules.d</tt>:
<pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the <tt>auditd</tt> daemon is configured to use the <tt>auditctl</tt>
utility to read audit rules during daemon startup, add the following line to
<tt>/etc/audit/audit.rules</tt> file:
<pre>-a always,exit -F arch=b32 -S setxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
If the system is 64 bit then also add the following line:
<pre>-a always,exit -F arch=b64 -S setxattr -F auid&gt;={{{ auid }}} -F auid!=unset -F key=perm_mod</pre>
-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
<pre>-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod</pre>
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -75,7 +75,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@rhel9: RHEL-09-654025
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
index cd14452f8..2cc1e9fd1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
@@ -41,7 +41,7 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030570
- stigid@rhel8: RHEL-08-030570
+ stigid@almalinux8: RHEL-08-030570
stigid@rhel9: RHEL-09-654035
stigid@sle12: SLES-12-020620
stigid@sle15: SLES-15-030440
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
index 0f0925724..aab35206e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
@@ -40,7 +40,7 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030330
- stigid@rhel8: RHEL-08-030330
+ stigid@almalinux8: RHEL-08-030330
stigid@rhel9: RHEL-09-654040
stigid@sle12: SLES-12-020610
stigid@sle15: SLES-15-030430
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index c37003fdb..95bd09eae 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030580
stigid@ol8: OL08-00-030260
stigid@rhel7: RHEL-07-030580
- stigid@rhel8: RHEL-08-030260
+ stigid@almalinux8: RHEL-08-030260
stigid@rhel9: RHEL-09-654045
stigid@sle12: SLES-12-020630
stigid@sle15: SLES-15-030450
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
index 4431537de..c27a75e11 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index 698a94308..ff384761a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030560
stigid@ol8: OL08-00-030313
stigid@rhel7: RHEL-07-030560
- stigid@rhel8: RHEL-08-030313
+ stigid@almalinux8: RHEL-08-030313
stigid@rhel9: RHEL-09-654050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("semanage", "/usr/sbin/", "privileged-unix-update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
index b8e7c3502..da5b9539b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-030590
stigid@ol8: OL08-00-030314
stigid@rhel7: RHEL-07-030590
- stigid@rhel8: RHEL-08-030314
+ stigid@almalinux8: RHEL-08-030314
stigid@rhel9: RHEL-09-654055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("setfiles", "/usr/sbin/", "privileged-unix-update") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index 0a9b6c0d1..5df9fc4d8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-030570
stigid@ol8: OL08-00-030316
stigid@rhel7: RHEL-07-030570
- stigid@rhel8: RHEL-08-030316
+ stigid@almalinux8: RHEL-08-030316
stigid@rhel9: RHEL-09-654060
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("setsebool", "/usr/sbin/", "privileged") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
index 1214ad408..8f2bd4496 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
index 53e61fb25..e9a0edcde 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 5b643bdeb..d3261049c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index 7bd3799ef..08609a454 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
index 187764324..c5416af9b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index 74a105415..6c31f0695 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index d8a1a0a3e..1f9490a82 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@rhel9: RHEL-09-654065
stigid@ubuntu2004: UBTU-20-010267
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
index 8a48783f6..b846f8113 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index b1f98d255..c273eda16 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -69,7 +69,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index ff8b128f0..9a112268e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -69,7 +69,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index 068d40163..7518b9431 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -72,7 +72,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index 602e5e328..938ce757d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
index c944fb9e6..b506644af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
index c944fb9e6..b506644af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index c4eb8f3ac..288b52820 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -69,7 +69,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
index c1352ae38..31de43746 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
index c944fb9e6..b506644af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index d89aa0d27..8814a9399 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -68,7 +68,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@rhel9: RHEL-09-654070
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
index 590a5ff6b..5ceb15d9b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2024-03-04 15:52:37 +00:00
# reboot = true
2021-09-15 11:41:44 +00:00
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
index bdf3015c4..658327033 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
index 2e008b37e..7e74c94e7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian
# reboot = false
# complexity = low
# disruption = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
index 7c8e520c1..e5c1d9d93 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index e25e2a8bc..6f6435c8c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030830
stigid@ol8: OL08-00-030390
stigid@rhel7: RHEL-07-030830
- stigid@rhel8: RHEL-08-030390
+ stigid@almalinux8: RHEL-08-030390
stigid@rhel9: RHEL-09-654075
stigid@sle12: SLES-12-020730
stigid@sle15: SLES-15-030520
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh
index 1bf2449b4..ddf95ef93 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu
# packages = audit
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f /etc/audit/rules.d/*
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
index 9349085f7..b20604aa7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
# reboot = false
# complexity = low
# disruption = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
index 639d76a21..7f4d463d6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index ca1c4f6a8..08a653c50 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
2023-10-30 15:13:07 +00:00
@@ -59,7 +59,7 @@ references:
2024-03-04 15:52:37 +00:00
stigid@ol7: OL07-00-030820
stigid@ol8: OL08-00-030360
stigid@rhel7: RHEL-07-030820
- stigid@rhel8: RHEL-08-030360
+ stigid@almalinux8: RHEL-08-030360
stigid@rhel9: RHEL-09-654080
stigid@sle12: SLES-12-020740
stigid@sle15: SLES-15-030530
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh
index 548015d2a..f785aab0c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu
# packages = audit
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
rm -f /etc/audit/rules.d/*
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
index 73a9f1dff..6daf2c30b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = false
# complexity = low
2024-03-04 15:52:37 +00:00
# disruption = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
index 083a612a0..3228b89b7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index b87e5b20d..34bb2eb4a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030820
stigid@ol8: OL08-00-030360
stigid@rhel7: RHEL-07-030820
- stigid@rhel8: RHEL-08-030360
+ stigid@almalinux8: RHEL-08-030360
stigid@rhel9: RHEL-09-654080
stigid@sle12: SLES-12-020740
stigid@sle15: SLES-15-030530
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh
index 8e282ee3e..d344773fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu
+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu
# packages = audit
rm -f /etc/audit/rules.d/*
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
index 009564309..0f9a7f6e6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# packages = audit
rm -f /etc/audit/rules.d/*
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
index 1ea2bcfa9..06d0f131a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index 4102a3ff9..1fdbc4041 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
2023-10-30 15:13:07 +00:00
@@ -56,7 +56,7 @@ references:
2024-03-04 15:52:37 +00:00
stigid@ol7: OL07-00-030610
stigid@ol8: OL08-00-030590
stigid@rhel7: RHEL-07-030610
- stigid@rhel8: RHEL-08-030590
+ stigid@almalinux8: RHEL-08-030590
stigid@rhel9: RHEL-09-654250
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
index 123bfa32f..202a1488f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
index 2c17afeaa..0ddf37750 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
index ea2066f6f..3765d856b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
index 609e9755d..bca002bc9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
index caf40c54b..9bb1ab7de 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
index ee1fdc951..08606fcac 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
index e2750dbee..6a2992c9d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
index d8379bfe5..3c16dd148 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
index cbbcb5f67..76ebb0844 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
index 22b979187..e90519a30 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
index afdeb73d1..95b55eef4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
index b14bc1951..81934f021 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis
path="/var/run/faillock"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index d183ff5be..91546b5d0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
2023-10-30 15:13:07 +00:00
@@ -58,7 +58,7 @@ references:
2024-03-04 15:52:37 +00:00
stigid@ol7: OL07-00-030620
stigid@ol8: OL08-00-030600
stigid@rhel7: RHEL-07-030620
- stigid@rhel8: RHEL-08-030600
+ stigid@almalinux8: RHEL-08-030600
stigid@rhel9: RHEL-09-654255
stigid@sle12: SLES-12-020660
stigid@sle15: SLES-15-030480
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
index 1c7f9d26c..0d8ea4220 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = configure
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
index 8615165ec..002902145 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
index bc3f67c9c..a37ccd0bf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
@@ -1,6 +1,6 @@
2021-09-15 11:41:44 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
sed -i '/newgrp/d' /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
index ed2cc6c29..13cbaac12 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
@@ -1,6 +1,6 @@
2021-09-15 11:41:44 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/audit.rules
sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
index e1d5d05df..6a758969a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
index ec89d9ce8..81e0062b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/audit.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
index ee36da807..bd848737d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# augenrules is default for rhel7
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
index b6aabf247..8405f0ba1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# packages = audit
# remediation = none
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /tmp/privileged.rules
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
index 12f1b429a..8dea24479 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
index 711bae803..617ff1b33 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
index d272fd1d5..f7c0fec7d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
2023-10-30 15:13:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
index ecda20ef9..115487067 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
2023-10-30 15:13:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
index 51482922f..4ac366ec9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
# change key of rules for binaries in /usr/sbin
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh
index 6ef31d987..2da0682e0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
index 79c0bb972..2968492ac 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
index a8667bbfb..471d2aff2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules
echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
index b2e18d1cd..5c56cdb6d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
@@ -1,6 +1,6 @@
2023-10-30 15:13:07 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
index 81fc6dd16..9c3f84ef8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
2023-10-30 15:13:07 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
index d5ec19271..456ebfd72 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index b628567bc..4cd1ced70 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030660
stigid@ol8: OL08-00-030250
stigid@rhel7: RHEL-07-030660
- stigid@rhel8: RHEL-08-030250
+ stigid@almalinux8: RHEL-08-030250
stigid@rhel9: RHEL-09-654085
stigid@sle12: SLES-12-020690
stigid@sle15: SLES-15-030120
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index 7515a6681..0870a3499 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030720
stigid@ol8: OL08-00-030410
stigid@rhel7: RHEL-07-030720
- stigid@rhel8: RHEL-08-030410
+ stigid@almalinux8: RHEL-08-030410
stigid@rhel9: RHEL-09-654090
stigid@sle12: SLES-12-020580
stigid@sle15: SLES-15-030100
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index 8ef1fdf41..237ebe6e7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030800
stigid@ol8: OL08-00-030400
stigid@rhel7: RHEL-07-030800
- stigid@rhel8: RHEL-08-030400
+ stigid@almalinux8: RHEL-08-030400
stigid@rhel9: RHEL-09-654095
stigid@sle12: SLES-12-020710
stigid@sle15: SLES-15-030130
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
index b54fefd34..623ee707e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
index de8adac1e..201b6145f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
index 3b94d7faa..238431055 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 18a97ba77..3ffa6ad25 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030650
stigid@ol8: OL08-00-030370
stigid@rhel7: RHEL-07-030650
- stigid@rhel8: RHEL-08-030370
+ stigid@almalinux8: RHEL-08-030370
stigid@rhel9: RHEL-09-654100
stigid@sle12: SLES-12-020560
stigid@sle15: SLES-15-030080
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
index cf58bda23..2be03b588 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
index 5baa999e7..cb49a4d71 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
index 29bfc7be7..d0910b1c6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
index de3bf60f3..5112458d4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["ol7", "rhel7", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol7", "rhel7", "rhel8", "almalinux8", "rhel9"] %}}
{{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=privileged" %}}
{{%- else %}}
{{%- set kmod_audit="-w /usr/bin/kmod -p x -k modules" %}}
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-030840
stigid@ol8: OL08-00-030580
stigid@rhel7: RHEL-07-030840
- stigid@rhel8: RHEL-08-030580
+ stigid@almalinux8: RHEL-08-030580
stigid@rhel9: RHEL-09-654105
stigid@sle12: SLES-12-020360
stigid@sle15: SLES-15-030410
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
index 8f61ee32a..07ddf4291 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
index ed9771d0d..665d2cc0f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
index 817ec3f12..2b795cc59 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-030740
stigid@ol8: OL08-00-030300
stigid@rhel7: RHEL-07-030740
- stigid@rhel8: RHEL-08-030300
+ stigid@almalinux8: RHEL-08-030300
stigid@rhel9: RHEL-09-654180
stigid@sle12: SLES-12-020290
stigid@ubuntu2004: UBTU-20-010138
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
index 54e0d6227..e4bb98755 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
index a2014eb70..fb66f51e8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index c1ffea143..43cd01980 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030710
stigid@ol8: OL08-00-030350
stigid@rhel7: RHEL-07-030710
- stigid@rhel8: RHEL-08-030350
+ stigid@almalinux8: RHEL-08-030350
stigid@rhel9: RHEL-09-654110
stigid@sle12: SLES-12-020570
stigid@sle15: SLES-15-030090
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
index 32f9f451e..7f92479da 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 1a09558ec..05cb1d14d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
@@ -64,7 +64,7 @@ references:
stigid@ol7: OL07-00-030810
stigid@ol8: OL08-00-030340
stigid@rhel7: RHEL-07-030810
- stigid@rhel8: RHEL-08-030340
+ stigid@almalinux8: RHEL-08-030340
stigid@rhel9: RHEL-09-654115
stigid@sle12: SLES-12-020720
stigid@sle15: SLES-15-030510
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index 25bfa1d00..7c4339a92 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030630
stigid@ol8: OL08-00-030290
stigid@rhel7: RHEL-07-030630
- stigid@rhel8: RHEL-08-030290
+ stigid@almalinux8: RHEL-08-030290
stigid@rhel9: RHEL-09-654120
stigid@sle12: SLES-12-020550
stigid@sle15: SLES-15-030070
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
index 53dc91957..e723f2f3d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
index bc443d98c..1be0a3f02 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
index ffa07f18f..45cfa1ddf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030760
stigid@ol8: OL08-00-030311
stigid@rhel7: RHEL-07-030760
- stigid@rhel8: RHEL-08-030311
+ stigid@almalinux8: RHEL-08-030311
stigid@rhel9: RHEL-09-654125
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("postdrop") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
index 0abec84ef..98988a139 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030770
stigid@ol8: OL08-00-030312
stigid@rhel7: RHEL-07-030770
- stigid@rhel8: RHEL-08-030312
+ stigid@almalinux8: RHEL-08-030312
stigid@rhel9: RHEL-09-654130
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("postqueue") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
index 35e31c140..266b93695 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
index f3c3324e2..d5545d32c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
index bf0a58b43..0b13f7c0d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
index c6faead32..e255e3cd2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml
@@ -39,7 +39,7 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030280
- stigid@rhel8: RHEL-08-030280
+ stigid@almalinux8: RHEL-08-030280
stigid@rhel9: RHEL-09-654135
stigid@sle12: SLES-12-020310
stigid@sle15: SLES-15-030370
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index a62411297..7a50a8704 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -67,7 +67,7 @@ references:
stigid@ol7: OL07-00-030780
stigid@ol8: OL08-00-030320
stigid@rhel7: RHEL-07-030780
- stigid@rhel8: RHEL-08-030320
+ stigid@almalinux8: RHEL-08-030320
stigid@rhel9: RHEL-09-654140
stigid@sle12: SLES-12-020320
stigid@sle15: SLES-15-030060
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
index 83273d633..6aec3a8fd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
index 0e7b0caf1..ce741d01d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
index 88d9a1d49..95492b5fa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
index 880059066..eb9f79a41 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index 1b4f74df5..5a4ceb78f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030680
stigid@ol8: OL08-00-030190
stigid@rhel7: RHEL-07-030680
- stigid@rhel8: RHEL-08-030190
+ stigid@almalinux8: RHEL-08-030190
stigid@rhel9: RHEL-09-654145
stigid@sle12: SLES-12-020250
stigid@sle15: SLES-15-030550
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index a2a9261e9..a667f3c47 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030690
stigid@ol8: OL08-00-030550
stigid@rhel7: RHEL-07-030690
- stigid@rhel8: RHEL-08-030550
+ stigid@almalinux8: RHEL-08-030550
stigid@rhel9: RHEL-09-654150
stigid@sle12: SLES-12-020260
stigid@sle15: SLES-15-030560
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index f9af68594..7a67ffd99 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
index 3cc450968..a1fad3d89 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030750
stigid@ol8: OL08-00-030301
stigid@rhel7: RHEL-07-030750
- stigid@rhel8: RHEL-08-030301
+ stigid@almalinux8: RHEL-08-030301
stigid@rhel9: RHEL-09-654030
stigid@sle12: SLES-12-020300
stigid@ubuntu2004: UBTU-20-010139
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
index 8caef5913..68f4808c4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030640
stigid@ol8: OL08-00-030317
stigid@rhel7: RHEL-07-030640
- stigid@rhel8: RHEL-08-030317
+ stigid@almalinux8: RHEL-08-030317
stigid@rhel9: RHEL-09-654160
stigid@sle12: SLES-12-020680
stigid@sle15: SLES-15-030110
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
index 3b477a26b..6ab8406a2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
@@ -37,7 +37,7 @@ references:
disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235
stigid@ol8: OL08-00-030310
- stigid@rhel8: RHEL-08-030310
+ stigid@almalinux8: RHEL-08-030310
stigid@rhel9: RHEL-09-654165
stigid@ubuntu2004: UBTU-20-010173
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
index f61686df7..53ec6290b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-030670
stigid@ol8: OL08-00-030315
stigid@rhel7: RHEL-07-030670
- stigid@rhel8: RHEL-08-030315
+ stigid@almalinux8: RHEL-08-030315
stigid@rhel9: RHEL-09-654170
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ ocil_fix_srg_privileged_command("userhelper") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
index cfcaa17da..bd89fa211 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
@@ -45,7 +45,7 @@ references:
nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255
stigid@ol8: OL08-00-030560
- stigid@rhel8: RHEL-08-030560
+ stigid@almalinux8: RHEL-08-030560
stigid@rhel9: RHEL-09-654175
stigid@sle12: SLES-12-020700
stigid@sle15: SLES-15-030500
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
index fe6140d32..f1602a878 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
index c14eefeee..0a87e80ec 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
index c8c5434f0..385ffcd14 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
@@ -1,4 +1,4 @@
-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh
index b57078075..5d03b92a6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Traverse all of:
#
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml
index 26d02c24e..28daa9106 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
index 625f9077a..ba455203e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
@@ -56,7 +56,7 @@ references:
pcidss4: "10.3.2"
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000119-CTR-000245,SRG-APP-000120-CTR-000250
stigid@ol8: OL08-00-030121
- stigid@rhel8: RHEL-08-030121
+ stigid@almalinux8: RHEL-08-030121
stigid@rhel9: RHEL-09-654275
ocil_clause: 'the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules"'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml
index 94768073f..6fd009b50 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
index 15519eec3..c1630d0f4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
@@ -31,7 +31,7 @@ identifiers:
references:
disa: CCI-000162,CCI-000163,CCI-000164
srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
- stigid@rhel8: RHEL-08-030122
+ stigid@almalinux8: RHEL-08-030122
stigid@rhel9: RHEL-09-654270
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the system is not configured to make login UIDs immutable'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml
index e55119fd1..2e7514b51 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh
index 79440e79b..614a4e09c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
index 889f83178..7896d4cb1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
index 496670fad..a9cce0a56 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
index b61368c0c..eb3bf47f9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/usr/share/selinux/", "wa", "MAC-policy") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
index 9b81fe727..a2ed7fd50 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030740
stigid@ol8: OL08-00-030302
stigid@rhel7: RHEL-07-030740
- stigid@rhel8: RHEL-08-030302
+ stigid@almalinux8: RHEL-08-030302
stigid@sle12: SLES-12-020290
stigid@sle15: SLES-15-030350
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml
index 5eaed26cb..7f02f6431 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
# reboot =false
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
index 06bbeb9fb..545ad2377 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml
index 58be87f4b..3adce26dc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh
index bd42cc0f1..366b790a4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
index 8b2377d44..39c2bba69 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
@@ -1,5 +1,5 @@
2021-11-17 13:33:00 +00:00
---
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
index 72245ee79..704574ae6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
@@ -32,7 +32,7 @@ references:
disa: CCI-000018,CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001403,CCI-001404,CCI-002130,CCI-002132,CCI-002884
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol8: OL08-00-030171
- stigid@rhel8: RHEL-08-030171
+ stigid@almalinux8: RHEL-08-030171
stigid@rhel9: RHEL-09-654215
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
index dd9b966dd..ac7c82949 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
@@ -32,7 +32,7 @@ references:
disa: CCI-000018,CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001403,CCI-001404,CCI-002130,CCI-002132,CCI-002884
srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275
stigid@ol8: OL08-00-030172
- stigid@rhel8: RHEL-08-030172
+ stigid@almalinux8: RHEL-08-030172
stigid@rhel9: RHEL-09-654220
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the command does not return a line, or the line is commented out'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
index 64e8dde85..3d4f65278 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
2021-11-17 13:33:00 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-11-17 13:33:00 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
index 15d6fa4e2..7f98c9915 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
index 88b06cff6..3f5be4c47 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-11-17 13:33:00 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
index 8fdd7e75a..9c16b41cc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
index 323a798b1..46fad7416 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
index 9973488bd..b70cd79a9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030360
stigid@ol8: OL08-00-030000
stigid@rhel7: RHEL-07-030360
- stigid@rhel8: RHEL-08-030000
+ stigid@almalinux8: RHEL-08-030000
stigid@rhel9: RHEL-09-654010
stigid@sle12: SLES-12-020240
stigid@sle15: SLES-15-030640
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
index 027623091..c1c2c1952 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
index 336beb2b7..26c47e462 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
index 07965e2c7..908fa6e54 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 6cfd87a9f..a27f12f90 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030871
stigid@ol8: OL08-00-030170
stigid@rhel7: RHEL-07-030871
- stigid@rhel8: RHEL-08-030170
+ stigid@almalinux8: RHEL-08-030170
stigid@rhel9: RHEL-09-654225
stigid@sle12: SLES-12-020210
stigid@sle15: SLES-15-030010
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 9f4c4db6d..53bad69c9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030872
stigid@ol8: OL08-00-030160
stigid@rhel7: RHEL-07-030872
- stigid@rhel8: RHEL-08-030160
+ stigid@almalinux8: RHEL-08-030160
stigid@rhel9: RHEL-09-654230
stigid@sle12: SLES-12-020590
stigid@sle15: SLES-15-030040
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index cf9223a9f..d087916ac 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -64,7 +64,7 @@ references:
stigid@ol7: OL07-00-030874
stigid@ol8: OL08-00-030140
stigid@rhel7: RHEL-07-030874
- stigid@rhel8: RHEL-08-030140
+ stigid@almalinux8: RHEL-08-030140
stigid@rhel9: RHEL-09-654235
stigid@sle12: SLES-12-020230
stigid@sle15: SLES-15-030030
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index c5feebc9a..94b4ae1a0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030870
stigid@ol8: OL08-00-030150
stigid@rhel7: RHEL-07-030870
- stigid@rhel8: RHEL-08-030150
+ stigid@almalinux8: RHEL-08-030150
stigid@rhel9: RHEL-09-654240
stigid@sle12: SLES-12-020200
stigid@sle15: SLES-15-030000
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 67357a164..b7d05b2af 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-030873
stigid@ol8: OL08-00-030130
stigid@rhel7: RHEL-07-030873
- stigid@rhel8: RHEL-08-030130
+ stigid@almalinux8: RHEL-08-030130
stigid@rhel9: RHEL-09-654245
stigid@sle12: SLES-12-020220
stigid@sle15: SLES-15-030020
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh
index 24b4da6b6..1b2b4dd27 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
index 49c97e395..51f48c0f9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh
index c511ede45..617b679c5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
index ec76157d4..0f9e9f7cc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh
index b7f44ab38..e6b1d1856 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
index 3f43030e9..85e9a47c8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh
index b7f44ab38..e6b1d1856 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
index 8a58bbc38..1a73014dc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh
index 0899dcded..fa722e21d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
index 140506b60..4290a051f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
index ec17adf55..0ecb4079c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
index 743a16423..f0a11d0db 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml
@@ -35,7 +35,7 @@ references:
pcidss: Req-10.5.1
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030110
- stigid@rhel8: RHEL-08-030110
+ stigid@almalinux8: RHEL-08-030110
stigid@rhel9: RHEL-09-653080
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil: |-
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
index 09d4e8ff5..6a8e8bdab 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
groupadd group_test
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
index 301bd5e57..ecf98a56a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml
@@ -31,7 +31,7 @@ references:
pcidss: Req-10.5.1
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030100
- stigid@rhel8: RHEL-08-030100
+ stigid@almalinux8: RHEL-08-030100
stigid@rhel9: RHEL-09-653085
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: the directory is not owned by root
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
index 0dad1bfe1..29632f729 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then
DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev)
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
index 01955927f..ebead7aa0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
@@ -3,7 +3,7 @@ documentation_complete: true
title: 'System Audit Logs Must Have Mode 0750 or Less Permissive'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
description: |-
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Verify the audit log directories have a mode of "0700" or less permissive by first determining
where the audit logs are stored with the following command:
<pre>$ sudo grep -iw log_file /etc/audit/auditd.conf
@@ -49,7 +49,7 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
stigid@ol8: OL08-00-030120
- stigid@rhel8: RHEL-08-030120
+ stigid@almalinux8: RHEL-08-030120
stigid@ubuntu2004: UBTU-20-010128
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'audit logs have a more permissive mode'
@@ -73,7 +73,7 @@ ocil: |-
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
Replace "[audit_log_directory]" to the correct audit log directory path, by default this location is "/var/log/audit".
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
The correct permissions are 0700
{{% else %}}
If the log_group is "root" or is not set, the correct permissions are 0700, otherwise they are 0750.
@@ -86,7 +86,7 @@ fixtext: |-
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
$ sudo grep "^log_file" /etc/audit/auditd.conf
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Set the correct permissions mode by the following command:
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
$ sudo chmod 0700 [audit_log_directory]
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
index 7e8c49123..999d914cd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common_0700.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
index 7cfadc195..3bb0cefbb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common_0700.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
index 3654389ed..64e3e8ebc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common_0700.sh
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
index b93254a4b..c7d66ccbb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common_0700.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
index 523930ea9..5038a6320 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
@@ -45,7 +45,7 @@ references:
pcidss4: '10.3.2'
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030090
- stigid@rhel8: RHEL-08-030090
+ stigid@almalinux8: RHEL-08-030090
stigid@ubuntu2004: UBTU-20-010124
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil: |-
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
index 6f19e15c6..b1d995c61 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
index cf4b02b90..cd69f17c2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
index 95acf5905..18954ffa1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
@@ -6,7 +6,7 @@
<extend_definition comment="log_file not set in auditd.conf" definition_ref="auditd_conf_log_file_not_set" negate="true" />
<criterion comment="audit log files are root owned" test_ref="test_user_ownership_audit_log_files" />
</criteria>
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
<criteria operator="AND" comment="log_file not set">
<extend_definition comment="log_file not set in auditd.conf"
definition_ref="auditd_conf_log_file_not_set"/>
@@ -28,7 +28,7 @@
<filter action="include">state_owner_not_root_var_log_audit</filter>
</unix:file_object>
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
<unix:file_test check="all" check_existence="none_exist"
comment="var/log/audit/audit.log file uid root"
id="test_user_ownership_audit_default_log_files" version="1">
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
index 041b8d795..184f43d3e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
@@ -38,7 +38,7 @@ references:
pcidss: Req-10.5.1
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030080
- stigid@rhel8: RHEL-08-030080
+ stigid@almalinux8: RHEL-08-030080
stigid@ubuntu2004: UBTU-20-010123
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: "the audit log is not owned by root"
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
index 3a0d9a4e9..ab43ceb2b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
#!/bin/bash
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
index d597ca07f..75a41c4fd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
@@ -15,7 +15,7 @@ useradd testuser_123
touch "/var/log/audit/audit.log"
chown root "/var/log/audit/audit.log"
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
touch $FILE
chown testuser_123 $FILE
{{% else %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
index 1879113b8..8798ae1ae 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
#!/bin/bash
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
index 722f6731a..7f1879db2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
index 0b42da512..013401d8c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index 26a439145..1910462b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-910055
stigid@ol8: OL08-00-030070
stigid@rhel7: RHEL-07-910055
- stigid@rhel8: RHEL-08-030070
+ stigid@almalinux8: RHEL-08-030070
stigid@rhel9: RHEL-09-653090
stigid@ubuntu2004: UBTU-20-010122
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
index 15023ca70..488ef3e3f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = audit
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common_0600.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
index 04d76809f..6475f83ae 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = audit
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common_0600.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
index aea9d1b10..3f045e4c7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = audit
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
source common_0600.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
index 003e3330f..368540adc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = audit
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
source common_0600.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
index 1e0529f08..9ed9948a4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = configure
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
index 53a56e255..554799735 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_audispd_remote_server") }}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
index 44d9a1f74..a466bc72d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
index 0bfa82083..93b11eb05 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
index f902ce228..0be6013c8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
@@ -44,7 +44,7 @@ references:
nist@sle15: AU-4
srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
stigid@ol8: OL08-00-030660
- stigid@rhel8: RHEL-08-030660
+ stigid@almalinux8: RHEL-08-030660
stigid@rhel9: RHEL-09-653030
stigid@sle12: SLES-12-020020
stigid@sle15: SLES-15-030660
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
index 942cd0f5d..a53df57b1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = configure
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
index 36e7f8cda..842f3922d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_audispd_disk_full_action") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
index be3e74b0b..b6f46f51e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
@@ -1,7 +1,7 @@
# platform = multi_platform_all
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
AUDISP_REMOTE_CONFIG="{{{ audisp_conf_path }}}/audisp-remote.conf"
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
option="^transport"
value="KRB5"
{{% else %}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
index e8d055f90..467e50704 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
@@ -2,7 +2,7 @@
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
<def-group>
<definition class="compliance" id="auditd_audispd_encrypt_sent_records" version="1">
- {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+ {{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
{{{ oval_metadata("transport setting in " + audisp_config_file_path + " is set to 'KRB5'") }}}
{{% else %}}
{{{ oval_metadata("enable_krb5 setting in " + audisp_config_file_path + " is set to 'yes'") }}}
@@ -22,7 +22,7 @@
<ind:filepath>{{{ audisp_config_file_path }}}</ind:filepath>
<!-- Allow only space (exactly) as delimiter -->
<!-- Require at least one space before and after the equal sign -->
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
<ind:pattern operation="pattern match">^[ ]*transport[ ]+=[ ]+KRB5[ ]*$</ind:pattern>
{{% else %}}
<ind:pattern operation="pattern match">^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$</ind:pattern>
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
index ad68d3a77..7e94d7ac4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -6,7 +6,7 @@ title: 'Encrypt Audit Records Sent With audispd Plugin'
description: |-
Configure the operating system to encrypt the transfer of off-loaded audit
records onto a different system or media from the system being audited.
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
Set the <tt>transport</tt> option in <pre>{{{ audisp_conf_path }}}/audisp-remote.conf</pre>
to <tt>KRB5</tt>.
{{% else %}}
@@ -44,7 +44,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
ocil: |-
To verify the audispd plugin encrypts audit records off-loaded onto a different
system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
<pre>$ sudo grep -i transport {{{ audisp_conf_path }}}/audisp-remote.conf</pre>
The output should return the following:
<pre>transport = KRB5</pre>
@@ -56,7 +56,7 @@ ocil: |-
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
fixtext: |-
Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin.
-{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "ol8", "rhv4"] %}}
Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5".
{{% else %}}
Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf",
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
index 1ee02140b..711b6593d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
index b6775223d..b7fa1f1f4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
index bf1c533c6..fb621cfff 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
index 864e97b31..8c16af8f9 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
index 71fc81683..835402712 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
2023-02-21 13:38:18 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2023-02-21 13:38:18 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = configure
2023-02-21 13:38:18 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
index d1a513600..8ca091bea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
2023-02-21 13:38:18 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_audispd_network_failure_action") }}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
index d244d4bd0..ec516de8a 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
@@ -1,5 +1,5 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
index af96da871..3bcbba05c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
index caf9766f5..8b2142f08 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
index c87268eae..ffa87d06e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
. $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
index 0bb1518ef..c54736340 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = bash
. $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
index b075778f5..d9baf1b4f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-11-17 13:33:00 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-11-17 13:33:00 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
index d0065b38c..7027992a4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
index 73ce2ef8e..e4436d854 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
@@ -40,7 +40,7 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
srg: SRG-OS-000047-GPOS-00023,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
stigid@ol8: OL08-00-030040
- stigid@rhel8: RHEL-08-030040
+ stigid@almalinux8: RHEL-08-030040
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'there is no evidence of appropriate action'
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
index 06f4a10c6..ba788edbf 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
index 78726bbc6..0a36846ab 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
index 0adf2b538..376952524 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-11-17 13:33:00 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
index ce4f4d029..6ab8e06dd 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
2021-11-17 13:33:00 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
index a4e554260..4f88b276c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
@@ -46,7 +46,7 @@ references:
nist@sle12: AU-5(b),AU-5.1(iv)
srg: SRG-OS-000047-GPOS-00023
stigid@ol8: OL08-00-030060
- stigid@rhel8: RHEL-08-030060
+ stigid@almalinux8: RHEL-08-030060
stigid@sle12: SLES-12-020060
stigid@sle15: SLES-15-030590
stigid@ubuntu2004: UBTU-20-010118
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
index 61cc4751d..7f66a5c15 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
index 8ab6e16ab..110211558 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
index b82e6d174..717e52b99 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
index dfb8d3035..28e3fd6c9 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
index 961c3d442..63720ccb1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-030350
stigid@ol8: OL08-00-030020
stigid@rhel7: RHEL-07-030350
- stigid@rhel8: RHEL-08-030020
+ stigid@almalinux8: RHEL-08-030020
stigid@rhel9: RHEL-09-653070
stigid@sle12: SLES-12-020040
stigid@sle15: SLES-15-030570
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
index 49efdc918..ab901e892 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
index f377a92dd..44680a119 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}}
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
index 9c8afcfa3..53a6da7e0 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
index 79b916559..40632d099 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
{{{ bash_instantiate_variables("var_auditd_flush") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
index ba44b2bb5..303e1d8f7 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
index a8f68412c..0c0d35e0d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
index f3301e81a..eb39696dd 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
2022-06-29 08:41:07 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
index 64ebd312f..c43471049 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
2022-06-29 08:41:07 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
index f6e0c1088..a51782746 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
index 47f3daf89..5cab1da02 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
2022-06-29 08:41:07 +00:00
@@ -1,6 +1,6 @@
2021-11-17 13:33:00 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
# packages = audit
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# profiles = xccdf_org.ssgproject.content_profile_ospp
# remediation = bash
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
index c70cd104e..c97fbf56e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
2024-03-04 15:52:37 +00:00
# strategy = restrict
2021-09-15 11:41:44 +00:00
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
index 8a53bf847..95c5446b6 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_max_log_file") }}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
index 69ae3cb89..f48f36569 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
2023-02-21 13:38:18 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2023-02-21 13:38:18 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
index 5007f965f..4c06ea831 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
2023-02-21 13:38:18 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
index 69ae3cb89..f48f36569 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
index 4609f8ec9..f4b4664e3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
2024-03-04 15:52:37 +00:00
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
index 7deaa0607..748a59d80 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
index ab0bea58e..a6158699d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
index a53f062b5..e0200450d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_space_left") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
index ec0ed4850..3c3b130e8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
index b6e0267bb..990063e2f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 63929bbb8..992e2f39b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-030340
stigid@ol8: OL08-00-030731
stigid@rhel7: RHEL-07-030340
- stigid@rhel8: RHEL-08-030731
+ stigid@almalinux8: RHEL-08-030731
stigid@rhel9: RHEL-09-653040
stigid@ubuntu2004: UBTU-20-010217
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
index 2b6acf034..08652305d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
@@ -37,7 +37,7 @@ references:
stigid@ol7: OL07-00-030330
stigid@ol8: OL08-00-030730
stigid@rhel7: RHEL-07-030330
- stigid@rhel8: RHEL-08-030730
+ stigid@almalinux8: RHEL-08-030730
stigid@rhel9: RHEL-09-653035
stigid@ubuntu2004: UBTU-20-010217
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
2024-03-04 15:52:37 +00:00
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
index e3a34e25b..109161da8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
@@ -25,7 +25,7 @@ references:
ospp: FAU_GEN.1
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-030061
- stigid@rhel8: RHEL-08-030061
+ stigid@almalinux8: RHEL-08-030061
stigid@rhel9: RHEL-09-653075
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: local_events isn't set to yes
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
index 9d19776db..8ac220842 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FAU_GEN.1.2
srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227,SRG-APP-000096-CTR-000175,SRG-APP-000097-CTR-000180,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
stigid@ol8: OL08-00-030063
- stigid@rhel8: RHEL-08-030063
+ stigid@almalinux8: RHEL-08-030063
stigid@rhel9: RHEL-09-653100
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: log_format isn't set to ENRICHED
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
index 015e9d6ef..cb221f19e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
index a08fddc90..1b881f0ff 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
index 1806a3c3e..8fb1d714e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-030211
stigid@ol8: OL08-00-030062
stigid@rhel7: RHEL-07-030211
- stigid@rhel8: RHEL-08-030062
+ stigid@almalinux8: RHEL-08-030062
stigid@rhel9: RHEL-09-653060
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: name_format isn't set to {{{ xccdf_value("var_auditd_name_format") }}}
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
index 12d8541cb..a3d1c459b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
index f308bd675..e9789ea24 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
index bd0205d1f..16893ecff 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-030210
stigid@ol8: OL08-00-030700
stigid@rhel7: RHEL-07-030210
- stigid@rhel8: RHEL-08-030700
+ stigid@almalinux8: RHEL-08-030700
stigid@rhel9: RHEL-09-653065
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'auditd overflow action is not set correctly'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
index 55f407e01..b9084af21 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
index bcafc35b8..1579dc90f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
@@ -3,7 +3,7 @@ documentation_complete: true
title: 'Remote server for audispd to send audit records'
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
description: |-
-{{% if product in ["rhel8", "fedora"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora"] %}}
The setting for remote_server in /etc/audit/audisp-remote.conf
{{% else %}}
The setting for remote_server in /etc/audisp/audisp-remote.conf
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index f77f25a2c..a3a6d73ca 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -48,7 +48,7 @@ references:
pcidss4: '10.7.3'
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
stigid@ol8: OL08-00-030601
- stigid@rhel8: RHEL-08-030601
+ stigid@almalinux8: RHEL-08-030601
stigid@rhel9: RHEL-09-212055
stigid@ubuntu2004: UBTU-20-010198
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
index 4a03a2117..365d018a2 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Removes audit argument from kernel command line in /boot/grub2/grubenv
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
index 065c1d459..75db9892c 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Break the audit argument in kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
index 35034f242..3f1e63b11 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Break the audit argument in kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index f10e01952..9c7be10c9 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -38,7 +38,7 @@ references:
pcidss4: '10.7.2'
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@ol8: OL08-00-030602
- stigid@rhel8: RHEL-08-030602
+ stigid@almalinux8: RHEL-08-030602
stigid@rhel9: RHEL-09-653120
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'audit backlog limit is not configured'
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
index aaffbf476..f3e10ad43 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192"
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
index f93dc5644..1fa37409f 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
# Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index e1adfae96..7e61cb8f6 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -34,7 +34,7 @@ references:
pcidss4: "10.2.1"
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
stigid@ol8: OL08-00-030180
- stigid@rhel8: RHEL-08-030180
+ stigid@almalinux8: RHEL-08-030180
stigid@rhel9: RHEL-09-653010
stigid@sle12: SLES-12-020000
stigid@sle15: SLES-15-030650
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
index f29a4afc6..26ac0688c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
2024-03-04 15:52:37 +00:00
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
index 412c67f15..ec1467404 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
2022-06-29 08:41:07 +00:00
@@ -1,5 +1,5 @@
2024-03-04 15:52:37 +00:00
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
index 413293083..3f8c50a39 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
index 1d08bae3a..3e2300448 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
index 372b7c27c..4e2ce77e9 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
index f62426900..bd3ddd10a 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
index c26dc39be..d32b854fd 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
index 08c8dc855..e9277f263 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
index 023388b66..655883afe 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
index 22d3990f0..ed4f8bce8 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
index 2fb2c25aa..e182781c4 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
index bff04fe4c..a56d7f18f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{% set file_contents = """## Successful file delete
-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid&gt;=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
index 37b8b3676..d1be71273 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{% set file_contents = """## Successful file delete
-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
index a46066d62..731636c7f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{% set file_contents = """## Successful file delete
-a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete""" -%}}
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
index ff5e61676..f7012bed2 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
index 2d9279849..ec6477378 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
index dae466002..527bc8489 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
index f07ff3607..62de7826c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
index c6f796967..7a6e545c4 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
index 212ec4ba5..62e1ee6de 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
index 92310b977..e76e314a6 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
index f8cd8b73d..090554c02 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
index 231034a9c..460877cec 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
index 6002067e5..0515753c4 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
index c122b209f..d1f676a94 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
index fa81ece03..7a26684d2 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
index 89d6152dc..7afbf02b7 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index 96317d8d1..b86c22fd5 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030000
stigid@ol8: OL08-00-030181
stigid@rhel7: RHEL-07-030000
- stigid@rhel8: RHEL-08-030181
+ stigid@almalinux8: RHEL-08-030181
stigid@rhel9: RHEL-09-653015
stigid@sle12: SLES-12-020010
stigid@sle15: SLES-15-030050
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
index 50abc5732..306ca07b1 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there.fail.sh
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Removes audit argument from kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
index 5a204756e..98a5d0256 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
# Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Fake the kernel compile config, this is necessary when the distro's kernel is already compiled
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
index c4213caf8..c422634f2 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,6 +1,6 @@
2024-03-04 15:52:37 +00:00
#!/bin/bash
# Based on shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Break the argument in kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
index 48b26196a..08c744d38 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
@@ -27,7 +27,7 @@ references:
nist: SI-16
srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040004
- stigid@rhel8: RHEL-08-040004
+ stigid@almalinux8: RHEL-08-040004
stigid@rhel9: RHEL-09-212050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'Kernel page-table isolation is not enabled'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
index 925e7a74a..9292c956d 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FPT_ASLR_EXT.1
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010422
- stigid@rhel8: RHEL-08-010422
+ stigid@almalinux8: RHEL-08-010422
stigid@rhel9: RHEL-09-212035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'vsyscalls are enabled'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
index 94fc58975..b7134083c 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-010483
stigid@ol8: OL08-00-010149
stigid@rhel7: RHEL-07-010483
- stigid@rhel8: RHEL-08-010149
+ stigid@almalinux8: RHEL-08-010149
stigid@rhel9: RHEL-09-212020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'superuser account is not set or is set to root, admin, administrator or any other existing user name'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
index f5b957e88..b678a4e70 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
@@ -3,7 +3,7 @@
{{{ oval_metadata("The grub2 boot loader should have password protection enabled.") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
<criteria operator="OR">
- {{% if product in ["ol7", "ol8", "ol9", "rhel8"] %}}
+ {{% if product in ["ol7", "ol8", "ol9", "rhel8", "almalinux8"] %}}
<criterion comment="make sure a password is defined in {{{ grub2_boot_path }}}/user.cfg" test_ref="test_grub2_password_usercfg" />
{{% else %}}
<criteria operator="AND">
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index 43168a7cc..7f62e0944 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -70,7 +70,7 @@ references:
stigid@ol7: OL07-00-010482
stigid@ol8: OL08-00-010150
stigid@rhel7: RHEL-07-010482
- stigid@rhel8: RHEL-08-010150
+ stigid@almalinux8: RHEL-08-010150
stigid@rhel9: RHEL-09-212010
stigid@sle12: SLES-12-010430
stigid@sle15: SLES-15-010190
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
index 8dbb9aeca..e27499d26 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-010492
stigid@ol8: OL08-00-010141
stigid@rhel7: RHEL-07-010492
- stigid@rhel8: RHEL-08-010141
+ stigid@almalinux8: RHEL-08-010141
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'superuser account is not set or is set to an existing name or to a common name'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
index c77f9b5e7..c475f2568 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
@@ -70,7 +70,7 @@ references:
stigid@ol7: OL07-00-010491
stigid@ol8: OL08-00-010140
stigid@rhel7: RHEL-07-010491
- stigid@rhel8: RHEL-08-010140
+ stigid@almalinux8: RHEL-08-010140
stigid@sle12: SLES-12-010440
stigid@sle15: SLES-15-010200
stigid@ubuntu2004: UBTU-20-010009
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
index 7a828837f..d13ae7f52 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries contain audit=1
for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
index 3af83d30d..28a0af739 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries contain audit=1
for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
index 5650cc0a7..1ee373205 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Remove audit=1 from all boot entries
sed -Ei 's/(^options.*\s)audit=1(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
index e3adb9963..13e5314b1 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure no image configured in zipl config file
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
index 47626442f..2a88d2abb 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure no image configured in zipl config file
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
index 7f2be3564..80f8b55f3 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
index 728c6b7bd..b06f989e6 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
touch /etc/zipl.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
index 1ae4d631e..0f1155665 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
touch /boot/loader/entries/*.conf # Update current existing entries
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
index 7981ba8c5..8bfdce20e 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
touch /etc/zipl.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
index 50cf1b78f..33cd2971b 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries contain init_on_alloc=1
for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
index 7c0d91547..f8fd73edb 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries contain init_on_alloc=1
for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
index 9d330c919..62547cbb3 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Remove init_on_alloc=1 from all boot entries
sed -Ei 's/(^options.*\s)init_on_alloc=1(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
index 5585e0eaf..bd860eb70 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# reboot = true
# strategy = configure
# complexity = medium
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
index 0d90d58db..dfc1a2407 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Correct BLS option using grubby, which is a thin wrapper around BLS operations
grubby --update-kernel=ALL --remove-args="systemd.debug-shell"
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
index 4649db979..fb4ec1b8a 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries don't contain systemd.debug-shell
sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
index faac856fb..36382a844 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries doesn't contain systemd.debug-shell
sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
index fe07a37d0..52a2e9e14 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Remove systemd.debug-shell from all boot entries
sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
index 0c2febb03..556ea474a 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Make sure boot loader entries doesn't contain systemd.debug-shell
sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
index 773f88904..6060189e7 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
mkdir -p /etc/rsyslog.d
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
index 923a9096d..d66f57206 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
@@ -37,7 +37,7 @@ references:
stigid@ol7: OL07-00-021100
stigid@ol8: OL08-00-030010
stigid@rhel7: RHEL-07-021100
- stigid@rhel8: RHEL-08-030010
+ stigid@almalinux8: RHEL-08-030010
stigid@rhel9: RHEL-09-652060
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'cron is not logging to rsyslog'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
index 4e321fecb..2818c4ca1 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
index 3933f28b4..d71a075f1 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
index fe5623311..9b7964316 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
@@ -27,7 +27,7 @@ references:
nist: AU-4(1)
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030720
- stigid@rhel8: RHEL-08-030720
+ stigid@almalinux8: RHEL-08-030720
stigid@rhel9: RHEL-09-652040
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
index 7fb97b65f..d66b45c27 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
@@ -27,7 +27,7 @@ references:
nist: AU-4(1)
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030710
- stigid@rhel8: RHEL-08-030710
+ stigid@almalinux8: RHEL-08-030710
stigid@rhel9: RHEL-09-652045
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'rsyslogd ActionSendStreamDriverMode is not set to 1'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
index 12c43f3db..699f1e725 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
@@ -27,7 +27,7 @@ references:
nist: AU-4(1)
srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
stigid@ol8: OL08-00-030710
- stigid@rhel8: RHEL-08-030710
+ stigid@almalinux8: RHEL-08-030710
stigid@rhel9: RHEL-09-652050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
index 9db602a15..44ad370ae 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
@@ -31,7 +31,7 @@ references:
nist: AC-17(1)
srg: SRG-OS-000032-GPOS-00013
stigid@ol8: OL08-00-010070
- stigid@rhel8: RHEL-08-010070
+ stigid@almalinux8: RHEL-08-010070
stigid@rhel9: RHEL-09-652030
stigid@ubuntu2004: UBTU-20-010403
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
index dcfbf1fa2..d104e71a6 100644
--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
@@ -35,7 +35,7 @@ ocil: |-
Storing logs with compression can help avoid filling the system disk.
Run the following command to verify that journald is compressing logs.
<pre>
-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
grep "^\sCompress" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
{{% else %}}
grep "^\sCompress" /etc/systemd/journald.conf
@@ -46,7 +46,7 @@ ocil: |-
Compress=yes
</pre>
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
template:
name: systemd_dropin_configuration
vars:
diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
index bf0a951ef..ecee756bc 100644
--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
@@ -35,7 +35,7 @@ ocil: |-
Storing logs remotely protects the integrity of the data from local attacks.
Run the following command to verify that journald is forwarding logs to a remote host.
<pre>
-{{%- if product in ["rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["rhel8", "almalinux8", "rhel9", "sle15"] %}}
grep "^\sForwardToSyslog" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
{{% else %}}
grep "^\sForwardToSyslog" /etc/systemd/journald.conf
@@ -46,7 +46,7 @@ ocil: |-
ForwardToSyslog=yes
</pre>
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{%- if product in ["rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["rhel8", "almalinux8", "rhel9", "sle15"] %}}
template:
name: systemd_dropin_configuration
vars:
diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
index 2ee5dc216..aef01b335 100644
--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
@@ -34,7 +34,7 @@ ocil: |-
Storing logs with persistent storage ensures they are available after a reboot or system crash.
Run the command below to verify that logs are being persistently stored to disk.
<pre>
-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
grep "^\sStorage" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
{{% else %}}
grep "^\sStorage" /etc/systemd/journald.conf
@@ -45,7 +45,7 @@ ocil: |-
Storage=persistent
</pre>
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
+{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
template:
name: systemd_dropin_configuration
vars:
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
index 892523fc4..9fbba1ccb 100644
--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
index 11544323c..c5e78ed75 100644
--- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
@@ -54,7 +54,7 @@ template:
timername: logrotate
packagename: logrotate
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
-{{% if product in ["rhel7", "rhel8"] %}}
+{{% if product in ["rhel7", "rhel8", "almalinux8"] %}}
warnings:
- general:
The Systemd unit <tt>logrotate.timer</tt> does not exist in
diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
index ed375fc89..46f024c89 100644
--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
@@ -30,7 +30,7 @@ references:
ospp: FTP_ITC_EXT.1.1
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-030680
- stigid@rhel8: RHEL-08-030680
+ stigid@almalinux8: RHEL-08-030680
stigid@rhel9: RHEL-09-652015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
index 1bd70d3f2..37f319635 100644
--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
@@ -37,7 +37,7 @@ references:
ospp: FTP_ITC_EXT.1.1
srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-030670
- stigid@rhel8: RHEL-08-030670
+ stigid@almalinux8: RHEL-08-030670
stigid@rhel9: RHEL-09-652010
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
index f42709ef5..8b35da68b 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
index f2019bb9a..a12ceb5c1 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 92cf57d08..e0f70bf9d 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -67,7 +67,7 @@ references:
stigid@ol7: OL07-00-031000
stigid@ol8: OL08-00-030690
stigid@rhel7: RHEL-07-031000
- stigid@rhel8: RHEL-08-030690
+ stigid@almalinux8: RHEL-08-030690
stigid@rhel9: RHEL-09-652055
stigid@sle12: SLES-12-030340
stigid@sle15: SLES-15-010580
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
index d6e2b2564..323d3ffaa 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
index ee1cbf7ea..eb4e5adc4 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
index e423460c5..68f88d27d 100644
--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
@@ -38,7 +38,7 @@ references:
nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.DS-4,PR.PT-1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010561
- stigid@rhel8: RHEL-08-010561
+ stigid@almalinux8: RHEL-08-010561
stigid@rhel9: RHEL-09-652020
stigid@ubuntu2004: UBTU-20-010432
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
index 23204bae4..749046a97 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
@@ -25,7 +25,7 @@ references:
nist: SC-5
srg: SRG-OS-000420-GPOS-00186
stigid@ol8: OL08-00-040150
- stigid@rhel8: RHEL-08-040150
+ stigid@almalinux8: RHEL-08-040150
stigid@rhel9: RHEL-09-251030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "nftables" is not set as the "firewallbackend"'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 9ddf98026..39fedc08b 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -38,7 +38,7 @@ references:
srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040100
- stigid@rhel8: RHEL-08-040100
+ stigid@almalinux8: RHEL-08-040100
stigid@rhel9: RHEL-09-251010
stigid@sle15: SLES-15-010220
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 225a7057c..6552cc770 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-040520
stigid@ol8: OL08-00-040101
stigid@rhel7: RHEL-07-040520
- stigid@rhel8: RHEL-08-040101
+ stigid@almalinux8: RHEL-08-040101
stigid@rhel9: RHEL-09-251015
stigid@sle15: SLES-15-010220
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
index 71a119393..5be80d5bc 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-040100
stigid@ol8: OL08-00-040030
stigid@rhel7: RHEL-07-040100
- stigid@rhel8: RHEL-08-040030
+ stigid@almalinux8: RHEL-08-040030
stigid@rhel9: RHEL-09-251025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
index 787eb6976..b507337f8 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
index 4553964d2..64dc3525c 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
@@ -23,7 +23,7 @@ references:
nist: AC-17 (1)
srg: SRG-OS-000297-GPOS-00115
stigid@ol8: OL08-00-040090
- stigid@rhel8: RHEL-08-040090
+ stigid@almalinux8: RHEL-08-040090
stigid@rhel9: RHEL-09-251020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index 18907ee31..21fa42eb8 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -47,7 +47,7 @@ references:
pcidss4: '1.3.1,1.5.1'
srg: SRG-OS-000480-GPOS-00227
stigid@rhel7: RHEL-07-040810
- stigid@rhel8: RHEL-08-040090
+ stigid@almalinux8: RHEL-08-040090
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the default zone is not set to DROP'
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
index ccfb8db79..e41d9c2d8 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# check-import = stdout
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
result=$XCCDF_RESULT_PASS
diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
index b2a8e350c..e97d0f4a5 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
+++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# check-import = stdout
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
result=$XCCDF_RESULT_PASS
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
index d787fbbbf..d209806d8 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# enable randomness in ipv6 address generation
for interface in /etc/sysconfig/network-scripts/ifcfg-*
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
index 87306fedb..88e2884bc 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
index 3dcc93b93..8567faf1d 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
@@ -37,7 +37,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040261
- stigid@rhel8: RHEL-08-040261
+ stigid@almalinux8: RHEL-08-040261
stigid@rhel9: RHEL-09-254010
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
index 8792fc668..2c7c4b025 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
index b5f8b62a6..3ba5d0c76 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -38,7 +38,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040280
- stigid@rhel8: RHEL-08-040280
+ stigid@almalinux8: RHEL-08-040280
stigid@rhel9: RHEL-09-254015
stigid@sle12: SLES-12-030363
stigid@sle15: SLES-15-040341
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
index e222b1c88..85b92ce90 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
index 57ea1cb8f..c6551fef7 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040830
stigid@ol8: OL08-00-040240
stigid@rhel7: RHEL-07-040830
- stigid@rhel8: RHEL-08-040240
+ stigid@almalinux8: RHEL-08-040240
stigid@rhel9: RHEL-09-254020
stigid@sle12: SLES-12-030361
stigid@sle15: SLES-15-040310
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
index 02e493846..ed401ad45 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
@@ -37,7 +37,7 @@ references:
nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040260
- stigid@rhel8: RHEL-08-040260
+ stigid@almalinux8: RHEL-08-040260
stigid@rhel9: RHEL-09-254025
stigid@sle12: SLES-12-030364
stigid@sle15: SLES-15-040381
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
index 4ed2c480c..f59b6d7c3 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
index 8f20c4de7..b91a262f0 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
@@ -37,7 +37,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040262
- stigid@rhel8: RHEL-08-040262
+ stigid@almalinux8: RHEL-08-040262
stigid@rhel9: RHEL-09-254030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
index 845b013ed..063776b85 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
index 0c832ff4e..33bbb66ae 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -40,7 +40,7 @@ references:
nist@sle15: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040210
- stigid@rhel8: RHEL-08-040210
+ stigid@almalinux8: RHEL-08-040210
stigid@rhel9: RHEL-09-254035
stigid@sle12: SLES-12-030401
stigid@sle15: SLES-15-040350
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
index e2951d845..0335df123 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index 0e74c07dc..da640932c 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -48,7 +48,7 @@ references:
pcidss4: '1.4.2'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040250
- stigid@rhel8: RHEL-08-040250
+ stigid@almalinux8: RHEL-08-040250
stigid@rhel9: RHEL-09-254040
stigid@sle12: SLES-12-030362
stigid@sle15: SLES-15-040321
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
index 5d8daaa6b..604dc02c0 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Removes ipv6.disable argument from kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
index 0e84a458c..bf898a7c9 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
index db339c353..38d2f0d62 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Break the ipv6.disable argument in kernel command line in /boot/grub2/grubenv
file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
index 2bd1bdbca..63ab3fe59 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
# services for NFSv4 from attempting to start IPv6 network listeners
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
index 6bb6de134..1f0664a02 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 82876444a..17e33c67f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040641
stigid@ol8: OL08-00-040279
stigid@rhel7: RHEL-07-040641
- stigid@rhel8: RHEL-08-040279
+ stigid@almalinux8: RHEL-08-040279
stigid@rhel9: RHEL-09-253015
stigid@sle12: SLES-12-030390
stigid@sle15: SLES-15-040330
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
index b3d72bb4a..b89b8a35a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index 0f0b45802..466d198a1 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-040610
stigid@ol8: OL08-00-040239
stigid@rhel7: RHEL-07-040610
- stigid@rhel8: RHEL-08-040239
+ stigid@almalinux8: RHEL-08-040239
stigid@rhel9: RHEL-09-253020
stigid@sle12: SLES-12-030360
stigid@sle15: SLES-15-040300
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
index 5e49b1e1e..266940353 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
@@ -22,7 +22,7 @@ references:
nist: CM-6(b)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040259
- stigid@rhel8: RHEL-08-040259
+ stigid@almalinux8: RHEL-08-040259
stigid@rhel9: RHEL-09-253075
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'IP forwarding value is "1" and the system is not router'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
index 70e767cc4..fbe1a27a2 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
index c64da37a3..08535e5a1 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index 9039cffc2..54949f4c0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040611
stigid@ol8: OL08-00-040285
stigid@rhel7: RHEL-07-040611
- stigid@rhel8: RHEL-08-040285
+ stigid@almalinux8: RHEL-08-040285
stigid@rhel9: RHEL-09-253035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil: |-
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
index 583b70a3b..d9bca3de6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
index ef545976d..bf1ccb250 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
index 8b075d55e..0dd17a34b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
index 2bfbd9e46..8ea37100a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 9693c7912..17c781220 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-040640
stigid@ol8: OL08-00-040209
stigid@rhel7: RHEL-07-040640
- stigid@rhel8: RHEL-08-040209
+ stigid@almalinux8: RHEL-08-040209
stigid@rhel9: RHEL-09-253040
stigid@sle12: SLES-12-030400
stigid@sle15: SLES-15-040340
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
index aa7d1562b..08668d03c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index 514557228..82c4af364 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-040620
stigid@ol8: OL08-00-040249
stigid@rhel7: RHEL-07-040620
- stigid@rhel8: RHEL-08-040249
+ stigid@almalinux8: RHEL-08-040249
stigid@rhel9: RHEL-09-253045
stigid@sle12: SLES-12-030370
stigid@sle15: SLES-15-040320
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
index 3a60ab17c..728ddb817 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
index b6e53de36..0b652c7cf 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
index aeb67c4e0..f47a8ab67 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
index 52d74441b..08c8c256d 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index 857186d06..6ede72fc5 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040630
stigid@ol8: OL08-00-040230
stigid@rhel7: RHEL-07-040630
- stigid@rhel8: RHEL-08-040230
+ stigid@almalinux8: RHEL-08-040230
stigid@rhel9: RHEL-09-253055
stigid@sle12: SLES-12-030380
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
index 9e3a85af9..d4f4d31cb 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
index 0c8dae788..a26df0c5a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
index ea1db12fe..5d8b19f68 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index 88531b904..258f726c0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040660
stigid@ol8: OL08-00-040220
stigid@rhel7: RHEL-07-040660
- stigid@rhel8: RHEL-08-040220
+ stigid@almalinux8: RHEL-08-040220
stigid@rhel9: RHEL-09-253065
stigid@sle12: SLES-12-030420
stigid@sle15: SLES-15-040370
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
index b54e3d12b..125464d7a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index 43baaf2f3..c9316d17b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-040650
stigid@ol8: OL08-00-040270
stigid@rhel7: RHEL-07-040650
- stigid@rhel8: RHEL-08-040270
+ stigid@almalinux8: RHEL-08-040270
stigid@rhel9: RHEL-09-253070
stigid@sle12: SLES-12-030410
stigid@sle15: SLES-15-040360
diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
index 89d344c4f..1a926adaa 100644
--- a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
+++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
# check-import = stdout
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
tbl_output=$(nft list tables | grep inet)
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
index 5bf60eb12..602f283c4 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -27,7 +27,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040021
- stigid@rhel8: RHEL-08-040021
+ stigid@almalinux8: RHEL-08-040021
stigid@rhel9: RHEL-09-213045
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="atm") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
index 7f951a269..b7f4f9516 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
@@ -27,7 +27,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040022
- stigid@rhel8: RHEL-08-040022
+ stigid@almalinux8: RHEL-08-040022
stigid@rhel9: RHEL-09-213050
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="can") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
index 57cc29270..4b1b2805e 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
rm -f /etc/modprobe.d/dccp-blacklist.conf
echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
index 2af5055af..0a1aa3a30 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
@@ -26,7 +26,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040026
- stigid@rhel8: RHEL-08-040026
+ stigid@almalinux8: RHEL-08-040026
stigid@rhel9: RHEL-09-213055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index 4ebec10ec..786273f30 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -45,7 +45,7 @@ references:
pcidss4: "1.4.2"
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040023
- stigid@rhel8: RHEL-08-040023
+ stigid@almalinux8: RHEL-08-040023
stigid@rhel9: RHEL-09-213060
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="sctp") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
index b1e4d2557..9e83ffa34 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -44,7 +44,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040024
- stigid@rhel8: RHEL-08-040024
+ stigid@almalinux8: RHEL-08-040024
stigid@rhel9: RHEL-09-213065
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="tipc") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
index ebeb377a9..ba37f5ec1 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
@@ -36,7 +36,7 @@ references:
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
stigid@ol8: OL08-00-040111
- stigid@rhel8: RHEL-08-040111
+ stigid@almalinux8: RHEL-08-040111
stigid@rhel9: RHEL-09-291035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 398948718..afb2d3480 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -63,7 +63,7 @@ references:
stigid@ol7: OL07-00-041010
stigid@ol8: OL08-00-040110
stigid@rhel7: RHEL-07-041010
- stigid@rhel8: RHEL-08-040110
+ stigid@almalinux8: RHEL-08-040110
stigid@rhel9: RHEL-09-291040
stigid@sle12: SLES-12-030450
stigid@sle15: SLES-15-010380
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
index a9dc1b633..ea03598c7 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-040600
stigid@ol8: OL08-00-010680
stigid@rhel7: RHEL-07-040600
- stigid@rhel8: RHEL-08-010680
+ stigid@almalinux8: RHEL-08-010680
stigid@rhel9: RHEL-09-252035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'less than two lines are returned that are not commented out'
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
index 0f2d15979..27572472b 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
index 469db24e9..671a4d019 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
source common.sh
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
index 6f2e6fa20..ea9c566f9 100644
--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
@@ -1,2 +1,2 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
echo "NOZEROCONF=yes" >> /etc/sysconfig/network
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
index 3f497dc7b..f85aac045 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 08e686c80..6c088d51f 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040670
stigid@ol8: OL08-00-040330
stigid@rhel7: RHEL-07-040670
- stigid@rhel8: RHEL-08-040330
+ stigid@almalinux8: RHEL-08-040330
stigid@rhel9: RHEL-09-251040
stigid@sle12: SLES-12-030440
stigid@sle15: SLES-15-040390
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
index e4ceeaa8b..30049daa5 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
@@ -26,7 +26,7 @@ references:
anssi: BP28(R40)
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069
- stigid@rhel8: RHEL-08-010700
+ stigid@almalinux8: RHEL-08-010700
stigid@rhel9: RHEL-09-232240
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'there are world-writable directories not owned by root'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
index dcb2b99b7..8dbb02940 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
index 91b3495c9..7f3876c49 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
df --local -P | awk '{if (NR!=1) print $6}' \
| xargs -I '$6' find '$6' -xdev -type d \
\( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index e950afe03..401060402 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -55,7 +55,7 @@ references:
pcidss4: '2.2.6'
srg: SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010190
- stigid@rhel8: RHEL-08-010190
+ stigid@almalinux8: RHEL-08-010190
stigid@rhel9: RHEL-09-232245
stigid@sle12: SLES-12-010460
stigid@sle15: SLES-15-010300
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
index fb414f5d7..9bdf10430 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-021030
stigid@ol8: OL08-00-010710
stigid@rhel7: RHEL-07-021030
- stigid@rhel8: RHEL-08-010710
+ stigid@almalinux8: RHEL-08-010710
stigid@sle12: SLES-12-010830
stigid@sle15: SLES-15-040180
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
index d692cae80..9ed181e88 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -27,7 +27,7 @@ references:
nist: AU-12(b)
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
- stigid@rhel8: RHEL-08-030610
+ stigid@almalinux8: RHEL-08-030610
stigid@rhel9: RHEL-09-653115
stigid@ubuntu2004: UBTU-20-010133
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
index 19606408d..e54d23d4b 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -27,7 +27,7 @@ references:
nist: AU-12(b)
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
- stigid@rhel8: RHEL-08-030610
+ stigid@almalinux8: RHEL-08-030610
stigid@rhel9: RHEL-09-653110
stigid@ubuntu2004: UBTU-20-010133
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 71f7d9bb4..e81113895 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-020330
stigid@ol8: OL08-00-010790
stigid@rhel7: RHEL-07-020330
- stigid@rhel8: RHEL-08-010790
+ stigid@almalinux8: RHEL-08-010790
stigid@rhel9: RHEL-09-232250
stigid@sle12: SLES-12-010700
stigid@sle15: SLES-15-040410
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 62e980833..456f758e0 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-020320
stigid@ol8: OL08-00-010780
stigid@rhel7: RHEL-07-020320
- stigid@rhel8: RHEL-08-010780
+ stigid@almalinux8: RHEL-08-010780
stigid@rhel9: RHEL-09-232255
stigid@sle12: SLES-12-010690
stigid@sle15: SLES-15-040400
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
index 8c5204806..e178d9508 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
@@ -27,7 +27,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010260
- stigid@rhel8: RHEL-08-010260
+ stigid@almalinux8: RHEL-08-010260
stigid@rhel9: RHEL-09-232175
stigid@ubuntu2004: UBTU-20-010417
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
index 8e4b7d00c..768d99cfa 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010230
- stigid@rhel8: RHEL-08-010230
+ stigid@almalinux8: RHEL-08-010230
stigid@rhel9: RHEL-09-232185
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
index 5870e7e27..cb37f1ee4 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
@@ -20,7 +20,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010250
- stigid@rhel8: RHEL-08-010250
+ stigid@almalinux8: RHEL-08-010250
stigid@rhel9: RHEL-09-232170
stigid@ubuntu2004: UBTU-20-010418
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
index a286eff79..79ef6c7fe 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010220
- stigid@rhel8: RHEL-08-010220
+ stigid@almalinux8: RHEL-08-010220
stigid@rhel9: RHEL-09-232180
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
index abf9a202e..baac59007 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
@@ -21,7 +21,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
stigid@ol8: OL08-00-010240
- stigid@rhel8: RHEL-08-010240
+ stigid@almalinux8: RHEL-08-010240
stigid@rhel9: RHEL-09-232025
stigid@ubuntu2004: UBTU-20-010419
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
index b92a28282..558a60be1 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
@@ -19,7 +19,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010210
- stigid@rhel8: RHEL-08-010210
+ stigid@almalinux8: RHEL-08-010210
stigid@rhel9: RHEL-09-232030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
index 6b98f1d51..fff9e1cae 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
@@ -38,7 +38,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010351
- stigid@rhel8: RHEL-08-010351
+ stigid@almalinux8: RHEL-08-010351
stigid@rhel9: RHEL-09-232215
stigid@sle12: SLES-12-010876
stigid@sle15: SLES-15-010356
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
index d69dcf07e..d879c084d 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
@@ -37,7 +37,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010341
- stigid@rhel8: RHEL-08-010341
+ stigid@almalinux8: RHEL-08-010341
stigid@rhel9: RHEL-09-232210
stigid@sle12: SLES-12-010874
stigid@sle15: SLES-15-010354
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
index d2b47d989..9f25146b9 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
find "$dirPath" -type d -exec chown root '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
index 542184ae8..9cdfbf737 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
groupadd nogroup
DIRS="/lib /lib64"
for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index 5e9aeae2b..5fb5bef83 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist: CM-5,CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010331
- stigid@rhel8: RHEL-08-010331
+ stigid@almalinux8: RHEL-08-010331
stigid@rhel9: RHEL-09-232015
stigid@sle12: SLES-12-010872
stigid@sle15: SLES-15-010352
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
index 5f8dcd2eb..7980d87b5 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
index c3cd0944b..3c41df40c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
chmod -R 755 "$dirPath"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
index 90ae74be6..243a8e16e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
DIRS="/lib /lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
index ebaf9b766..858020d51 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
DIRS="/usr/lib /usr/lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
index 8f479451b..21a923e63 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
index b9bbe4dbe..2652ea041 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
index 57435e380..a7b75a27e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010320
- stigid@rhel8: RHEL-08-010320
+ stigid@almalinux8: RHEL-08-010320
stigid@rhel9: RHEL-09-232195
stigid@sle12: SLES-12-010882
stigid@sle15: SLES-15-010361
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
index 04178f485..ce116710e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
index 5471f360f..1a2c2a9fa 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
find /bin/ \
/usr/bin/ \
/usr/local/bin/ \
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
index 735092787..473d6c8af 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010310
- stigid@rhel8: RHEL-08-010310
+ stigid@almalinux8: RHEL-08-010310
stigid@rhel9: RHEL-09-232190
stigid@sle12: SLES-12-010879
stigid@sle15: SLES-15-010359
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
index c02b4c896..6992f5dfc 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010340
- stigid@rhel8: RHEL-08-010340
+ stigid@almalinux8: RHEL-08-010340
stigid@rhel9: RHEL-09-232200
stigid@sle12: SLES-12-010873
stigid@sle15: SLES-15-010353
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
index 9c3fa6fe9..78ab97152 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
index 02867684c..8b274eded 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
useradd user_test
for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
index 81d8a339e..70345d4e7 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
useradd user_test
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
index 3382568ce..b4f4bd0a0 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
useradd user_test
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
index aeaa1f058..b69b5cd7a 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
index ab89b277a..f4a7c33a9 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
for dirPath in $DIRS; do
find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
index 2a3e521fa..592cffa8b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010300
- stigid@rhel8: RHEL-08-010300
+ stigid@almalinux8: RHEL-08-010300
stigid@rhel9: RHEL-09-232010
stigid@sle12: SLES-12-010878
stigid@sle15: SLES-15-010358
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
index 12d8448a7..a34484685 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010330
- stigid@rhel8: RHEL-08-010330
+ stigid@almalinux8: RHEL-08-010330
stigid@rhel9: RHEL-09-232020
stigid@sle12: SLES-12-010871
stigid@sle15: SLES-15-010351
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
index db7cf42de..913ce7e4d 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
@@ -42,7 +42,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010350
- stigid@rhel8: RHEL-08-010350
+ stigid@almalinux8: RHEL-08-010350
stigid@rhel9: RHEL-09-232205
stigid@sle12: SLES-12-010875
stigid@sle15: SLES-15-010355
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
index 5356d3742..a85c88001 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
index 7352b60aa..fc84e065c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
groupadd group_test
for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
index b0d594003..4a71eccda 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
index ccb1b8ea4..cae76a731 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
@@ -27,7 +27,7 @@ references:
nist: CM-6(a),AC-6(1)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010374
- stigid@rhel8: RHEL-08-010374
+ stigid@almalinux8: RHEL-08-010374
stigid@rhel9: RHEL-09-213030
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
index 5ce0decba..b7a4243e4 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
index 34ed37a00..d7a3ae8a7 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
@@ -29,7 +29,7 @@ references:
nist: CM-6(a),AC-6(1)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010373
- stigid@rhel8: RHEL-08-010373
+ stigid@almalinux8: RHEL-08-010373
stigid@rhel9: RHEL-09-213035
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
index 6a57bd06a..3c42ed39b 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
@@ -47,7 +47,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040025
- stigid@rhel8: RHEL-08-040025
+ stigid@almalinux8: RHEL-08-040025
stigid@rhel9: RHEL-09-231195
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_module_disable(module="cramfs") }}}
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index da4bc6591..18dc7020d 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-020100
stigid@ol8: OL08-00-040080
stigid@rhel7: RHEL-07-020100
- stigid@rhel8: RHEL-08-040080
+ stigid@almalinux8: RHEL-08-040080
stigid@rhel9: RHEL-09-291010
stigid@sle12: SLES-12-010580
stigid@sle15: SLES-15-010480
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
index 41352695f..8b69802ab 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index bb3febec5..4246c3e26 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-020110
stigid@ol8: OL08-00-040070
stigid@rhel7: RHEL-07-020110
- stigid@rhel8: RHEL-08-040070
+ stigid@almalinux8: RHEL-08-040070
stigid@rhel9: RHEL-09-231040
stigid@sle12: SLES-12-010590
stigid@sle15: SLES-15-010240
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
index 1142ad726..ab5a6140b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
@@ -26,7 +26,7 @@ references:
nist: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010572
- stigid@rhel8: RHEL-08-010572
+ stigid@almalinux8: RHEL-08-010572
stigid@rhel9: RHEL-09-231105
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and uefi
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
index a783272e8..0d12086a6 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
@@ -32,7 +32,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010571
- stigid@rhel8: RHEL-08-010571
+ stigid@almalinux8: RHEL-08-010571
stigid@rhel9: RHEL-09-231100
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
index f82495084..ccb0940c6 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-021024
stigid@ol8: OL08-00-040120
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040120
+ stigid@almalinux8: RHEL-08-040120
stigid@rhel9: RHEL-09-231110
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index f95eff16a..ddb39cfde 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-021024
stigid@ol8: OL08-00-040122
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040122
+ stigid@almalinux8: RHEL-08-040122
stigid@rhel9: RHEL-09-231115
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
index 8ceb7d18a..f3ecb97e3 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-021024
stigid@ol8: OL08-00-040121
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040121
+ stigid@almalinux8: RHEL-08-040121
stigid@rhel9: RHEL-09-231120
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
index 2b8b3e4f3..413e0da68 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
@@ -28,7 +28,7 @@ references:
nist: CM-6(b)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010590
- stigid@rhel8: RHEL-08-010590
+ stigid@almalinux8: RHEL-08-010590
stigid@rhel9: RHEL-09-231055
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index 7dd5cc0b4..cfab794e7 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-021000
stigid@ol8: OL08-00-010570
stigid@rhel7: RHEL-07-021000
- stigid@rhel8: RHEL-08-010570
+ stigid@almalinux8: RHEL-08-010570
stigid@rhel9: RHEL-09-231050
stigid@sle12: SLES-12-010790
stigid@sle15: SLES-15-040140
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
index c31eaa313..6187f1360 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
@@ -46,7 +46,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010580
- stigid@rhel8: RHEL-08-010580
+ stigid@almalinux8: RHEL-08-010580
stigid@rhel9: RHEL-09-231200
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index b6224a603..92f3eb421 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010600
- stigid@rhel8: RHEL-08-010600
+ stigid@almalinux8: RHEL-08-010600
stigid@rhel9: RHEL-09-231085
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index 6ec1b8f8f..f1779a4e1 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -41,7 +41,7 @@ references:
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010610
- stigid@rhel8: RHEL-08-010610
+ stigid@almalinux8: RHEL-08-010610
stigid@rhel9: RHEL-09-231080
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'removable media partitions are present'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 8cf194781..51ba46c0f 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -45,7 +45,7 @@ references:
stigid@ol7: OL07-00-021010
stigid@ol8: OL08-00-010620
stigid@rhel7: RHEL-07-021010
- stigid@rhel8: RHEL-08-010620
+ stigid@almalinux8: RHEL-08-010620
stigid@rhel9: RHEL-09-231090
stigid@sle12: SLES-12-010800
stigid@sle15: SLES-15-040150
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
index d787e746e..ef92d5824 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
@@ -45,7 +45,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040123
- stigid@rhel8: RHEL-08-040123
+ stigid@almalinux8: RHEL-08-040123
stigid@rhel9: RHEL-09-231125
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
index 59069f5eb..a62157515 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040125
- stigid@rhel8: RHEL-08-040125
+ stigid@almalinux8: RHEL-08-040125
stigid@rhel9: RHEL-09-231130
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
index 5fde7f0fc..70e7d39ff 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
@@ -45,7 +45,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040124
- stigid@rhel8: RHEL-08-040124
+ stigid@almalinux8: RHEL-08-040124
stigid@rhel9: RHEL-09-231135
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
index 307393654..5e1234579 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
@@ -35,7 +35,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040129
- stigid@rhel8: RHEL-08-040129
+ stigid@almalinux8: RHEL-08-040129
stigid@rhel9: RHEL-09-231160
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
index 7946d878f..5e168f7f9 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040131
- stigid@rhel8: RHEL-08-040131
+ stigid@almalinux8: RHEL-08-040131
stigid@rhel9: RHEL-09-231165
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
index a549df2a6..69f51d8ed 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
@@ -34,7 +34,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040130
- stigid@rhel8: RHEL-08-040130
+ stigid@almalinux8: RHEL-08-040130
stigid@rhel9: RHEL-09-231170
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log-audit]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
index 7f79fb5c6..c0cf11cc3 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
@@ -35,7 +35,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040126
- stigid@rhel8: RHEL-08-040126
+ stigid@almalinux8: RHEL-08-040126
stigid@rhel9: RHEL-09-231145
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
index 388ed247d..5b0958a2c 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
@@ -36,7 +36,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040128
- stigid@rhel8: RHEL-08-040128
+ stigid@almalinux8: RHEL-08-040128
stigid@rhel9: RHEL-09-231150
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
index 6fd03f817..f3a539c5d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
@@ -37,7 +37,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040127
- stigid@rhel8: RHEL-08-040127
+ stigid@almalinux8: RHEL-08-040127
stigid@rhel9: RHEL-09-231155
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-log]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
index 59e39270d..5c154d333 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Delete particular /etc/fstab's row if /var/tmp is already configured to
# represent a mount point (for some device or filesystem other than /tmp)
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
index 10ffc6b84..ca2b543dd 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
@@ -38,7 +38,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040132
- stigid@rhel8: RHEL-08-040132
+ stigid@almalinux8: RHEL-08-040132
stigid@rhel9: RHEL-09-231175
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platforms:
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
index b7ed162e0..68d8bcd66 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
@@ -38,7 +38,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040134
- stigid@rhel8: RHEL-08-040134
+ stigid@almalinux8: RHEL-08-040134
stigid@rhel9: RHEL-09-231180
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-tmp]
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
index 4517a6efe..c3e33dbff 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
@@ -38,7 +38,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040133
- stigid@rhel8: RHEL-08-040133
+ stigid@almalinux8: RHEL-08-040133
stigid@rhel9: RHEL-09-231185
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine and mount[var-tmp]
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
index d94802273..554e34e00 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index 984721275..1b5b9b426 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -43,7 +43,7 @@ references:
pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010675
- stigid@rhel8: RHEL-08-010675
+ stigid@almalinux8: RHEL-08-010675
stigid@rhel9: RHEL-09-213085
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "ProcessSizeMax" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
index d94802273..554e34e00 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index 5eb907d0c..a4d77bd7d 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -43,7 +43,7 @@ references:
pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010674
- stigid@rhel8: RHEL-08-010674
+ stigid@almalinux8: RHEL-08-010674
stigid@rhel9: RHEL-09-213090
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: Storage is not set to none or is commented out and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
index 32651fa92..b68ea1c66 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
SECURITY_LIMITS_FILE="/etc/security/limits.conf"
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
index 41cbd1197..481afa583 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index 9b1c0c36f..c5e2b96c0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -41,7 +41,7 @@ references:
pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010673
- stigid@rhel8: RHEL-08-010673
+ stigid@almalinux8: RHEL-08-010673
stigid@rhel9: RHEL-09-213095
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index 5f34c7ff9..548dafcf4 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010672
- stigid@rhel8: RHEL-08-010672
+ stigid@almalinux8: RHEL-08-010672
stigid@rhel9: RHEL-09-213100
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: unit systemd-coredump.socket is not masked or running
@@ -51,7 +51,7 @@ template:
name: socket_disabled
vars:
socketname: systemd-coredump
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
packagename: systemd
{{% else %}}
packagename: systemd-udev
diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
index a51038bb8..13f289b8f 100644
--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ bash_instantiate_variables("var_umask_for_daemons") }}}
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
index 415b0486d..02b1e991a 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
index 8f7a99d5e..e7f107fcc 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
@@ -28,7 +28,7 @@ references:
nist: SC-30,SC-30(2),SC-30(5),CM-6(a)
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040283
- stigid@rhel8: RHEL-08-040283
+ stigid@almalinux8: RHEL-08-040283
stigid@rhel9: RHEL-09-213025
stigid@sle12: SLES-12-030320
stigid@sle15: SLES-15-010540
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
index 70189666c..22f9e966b 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
index 209395fa9..23cce30a8 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
index 7a4c107b2..22e209120 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index 549f3ac85..7d8007bfc 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -42,7 +42,7 @@ references:
stigid@ol7: OL07-00-040201
stigid@ol8: OL08-00-010430
stigid@rhel7: RHEL-07-040201
- stigid@rhel8: RHEL-08-010430
+ stigid@almalinux8: RHEL-08-010430
stigid@rhel9: RHEL-09-213070
stigid@sle12: SLES-12-030330
stigid@sle15: SLES-15-010550
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
index 0c078dd88..b1575c670 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -38,7 +38,7 @@ references:
pcidss4: "2.2.1"
srg: SRG-OS-000433-GPOS-00192,SRG-APP-000450-CTR-001105
stigid@ol8: OL08-00-010420
- stigid@rhel8: RHEL-08-010420
+ stigid@almalinux8: RHEL-08-010420
stigid@ubuntu2004: UBTU-20-010447
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# In aarch64 cpus the bit is XN and it is not disableable
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
index 6d87da5f2..021acd31f 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
index 3260539b3..29d22d491 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# remediation = none
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
index 4fcb716d1..ddc46922a 100644
--- a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
@@ -20,7 +20,7 @@ references:
nist: CM-7 (a),CM-7 (5) (b)
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000370-GPOS-00155
stigid@ol8: OL08-00-040020
- stigid@rhel8: RHEL-08-040020
+ stigid@almalinux8: RHEL-08-040020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
platform: machine
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index 53ce18c0d..405988116 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -29,7 +29,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010421
- stigid@rhel8: RHEL-08-010421
+ stigid@almalinux8: RHEL-08-010421
stigid@rhel9: RHEL-09-212040
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'page allocator poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index 334d29f55..db2c32ba6 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -29,7 +29,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010423
- stigid@rhel8: RHEL-08-010423
+ stigid@almalinux8: RHEL-08-010423
stigid@rhel9: RHEL-09-212045
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'SLUB/SLAB poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
index 88c683445..fa9b2020d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
index abcf132fd..dc8a7fe22 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -29,7 +29,7 @@ references:
pcidss4: '3.3.1'
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010671
- stigid@rhel8: RHEL-08-010671
+ stigid@almalinux8: RHEL-08-010671
stigid@rhel9: RHEL-09-213040
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: |-
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
index 36e025cc3..e97acde11 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index de07abef6..a8483ce26 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -29,7 +29,7 @@ references:
stigid@ol7: OL07-00-010375
stigid@ol8: OL08-00-010375
stigid@rhel7: RHEL-07-010375
- stigid@rhel8: RHEL-08-010375
+ stigid@almalinux8: RHEL-08-010375
stigid@rhel9: RHEL-09-213010
stigid@sle12: SLES-12-010375
stigid@sle15: SLES-15-010375
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
index 505b3c12b..cdf18e6dd 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
index d666f6ad1..0dd38a3f0 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
@@ -22,7 +22,7 @@ references:
nist: CM-6
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
stigid@ol8: OL08-00-010372
- stigid@rhel8: RHEL-08-010372
+ stigid@almalinux8: RHEL-08-010372
stigid@rhel9: RHEL-09-213020
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
index 0541e59a7..50020c28c 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
index 066bcd9d1..02465e4dc 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
@@ -25,7 +25,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600
stigid@ol8: OL08-00-010376
- stigid@rhel8: RHEL-08-010376
+ stigid@almalinux8: RHEL-08-010376
stigid@rhel9: RHEL-09-213015
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
index 2e24d9211..7b706bb32 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
index 4365ced4f..c14e3c816 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040281
- stigid@rhel8: RHEL-08-040281
+ stigid@almalinux8: RHEL-08-040281
stigid@rhel9: RHEL-09-213075
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
index ceafd4839..7006e2066 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
index 9c4d9262f..c75b04069 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
@@ -29,7 +29,7 @@ references:
nist: SC-7(10)
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040282
- stigid@rhel8: RHEL-08-040282
+ stigid@almalinux8: RHEL-08-040282
stigid@rhel9: RHEL-09-213080
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
index 7519b7740..af6c30abd 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index b594399d7..bd08cc1fe 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040286
- stigid@rhel8: RHEL-08-040286
+ stigid@almalinux8: RHEL-08-040286
stigid@rhel9: RHEL-09-251045
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
index fdd4fb83e..3274d5b36 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
index 5e2508b9d..da921a343 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
@@ -34,7 +34,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040284
- stigid@rhel8: RHEL-08-040284
+ stigid@almalinux8: RHEL-08-040284
stigid@rhel9: RHEL-09-213105
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil: |
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
index 4be24a89d..76c0cc6df 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
index 735354a2d..0c13b196e 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
index 2520d3dcc..ed0bc9538 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
# Package libselinux cannot be uninstalled normally
# as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index c9bddfefc..fb8565762 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -31,7 +31,7 @@ references:
disa: CCI-001084
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010171
- stigid@rhel8: RHEL-08-010171
+ stigid@almalinux8: RHEL-08-010171
stigid@rhel9: RHEL-09-431025
2021-09-15 11:41:44 +00:00
2024-03-04 15:52:37 +00:00
ocil_clause: 'the policycoreutils package is not installed'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index fa39b8af6..33e2978d4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 0b33e5768..c9b647b8e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
2024-03-04 15:52:37 +00:00
index eb020851d..690015e10 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
2024-03-04 15:52:37 +00:00
@@ -56,7 +56,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020220
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010450
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020220
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010450
+ stigid@almalinux8: RHEL-08-010450
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-431015
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
ocil_clause: 'the loaded policy name is not "{{{ xccdf_value("var_selinux_policy_name") }}}"'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 3234ef102..9961cbdd9 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 1f458fa5b..3a9811ea3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
2024-03-04 15:52:37 +00:00
index 974c1c791..87c66527f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
2024-03-04 15:52:37 +00:00
@@ -48,7 +48,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020210
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010170
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020210
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010170
+ stigid@almalinux8: RHEL-08-010170
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-431010
2021-09-15 11:41:44 +00:00
ocil_clause: 'SELINUX is not set to enforcing'
diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
2024-03-04 15:52:37 +00:00
index b9bd06bcd..b69db1723 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
2024-03-04 15:52:37 +00:00
@@ -41,7 +41,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-020020
stigid@ol8: OL08-00-040400
stigid@rhel7: RHEL-07-020020
- stigid@rhel8: RHEL-08-040400
+ stigid@almalinux8: RHEL-08-040400
ocil_clause: 'non-admin users are not confined correctly'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
2024-03-04 15:52:37 +00:00
index 3c73b4cde..beb5b86cd 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
2024-03-04 15:52:37 +00:00
@@ -76,7 +76,7 @@ references:
2021-11-17 13:33:00 +00:00
nist@sle15: SC-28,SC-28.1
srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010030
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010030
+ stigid@almalinux8: RHEL-08-010030
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231190
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010450
stigid@sle15: SLES-15-010330
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
2024-03-04 15:52:37 +00:00
index 38bf96760..7d76efdb5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
2024-03-04 15:52:37 +00:00
@@ -45,7 +45,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021310
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010800
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021310
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010800
+ stigid@almalinux8: RHEL-08-010800
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231010
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010850
stigid@sle15: SLES-15-040200
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
2024-03-04 15:52:37 +00:00
index c0c938f2b..8f3b33363 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021340
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010543
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021340
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010543
+ stigid@almalinux8: RHEL-08-010543
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231015
2021-09-15 11:41:44 +00:00
{{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
2024-03-04 15:52:37 +00:00
index 74bbec5a8..cb538f13d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
2024-03-04 15:52:37 +00:00
@@ -44,7 +44,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021320
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010540
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021320
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010540
+ stigid@almalinux8: RHEL-08-010540
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231020
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010860
stigid@sle15: SLES-15-040210
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
2024-03-04 15:52:37 +00:00
index 563251a11..1fae6d160 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2021-11-17 13:33:00 +00:00
nist-csf: PR.PT-1,PR.PT-4
2021-09-15 11:41:44 +00:00
srg: SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010541
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010541
+ stigid@almalinux8: RHEL-08-010541
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231025
2021-09-15 11:41:44 +00:00
{{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
2024-03-04 15:52:37 +00:00
index 25ab26c3e..4d4ca84c0 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
2024-03-04 15:52:37 +00:00
@@ -50,7 +50,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021330
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010542
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021330
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010542
+ stigid@almalinux8: RHEL-08-010542
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231030
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010870
stigid@sle15: SLES-15-030810
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
2024-03-04 15:52:37 +00:00
index 423da9c42..6e697d50e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
2024-03-04 15:52:37 +00:00
@@ -35,7 +35,7 @@ references:
2023-02-21 13:38:18 +00:00
cis@ubuntu2204: 1.1.4.1
2021-11-17 13:33:00 +00:00
srg: SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010544
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010544
+ stigid@almalinux8: RHEL-08-010544
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-231035
2021-11-17 13:33:00 +00:00
{{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index c3baa1b80..be83f158f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
2023-10-30 15:13:07 +00:00
index 917fc7dc4..bc1d7c63c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-10-30 15:13:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
2024-03-04 15:52:37 +00:00
index 49fd4c26a..ab9b2a806 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
2024-03-04 15:52:37 +00:00
@@ -47,7 +47,7 @@ references:
2023-10-30 15:13:07 +00:00
stigid@ol7: OL07-00-010063
2023-02-21 13:38:18 +00:00
stigid@ol8: OL08-00-020032
2023-10-30 15:13:07 +00:00
stigid@rhel7: RHEL-07-010063
2023-02-21 13:38:18 +00:00
- stigid@rhel8: RHEL-08-020032
+ stigid@almalinux8: RHEL-08-020032
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271115
2023-02-21 13:38:18 +00:00
ocil_clause: 'disable-user-list has not been configured or is not disabled'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index f5d68f1c3..91f02c0d4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
2024-03-04 15:52:37 +00:00
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
2024-03-04 15:52:37 +00:00
index 640a61e51..ae0fcb24e 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
2024-03-04 15:52:37 +00:00
@@ -32,7 +32,7 @@ references:
2023-02-21 13:38:18 +00:00
disa: CCI-000056,CCI-000058
2021-11-17 13:33:00 +00:00
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-020050
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-020050
+ stigid@almalinux8: RHEL-08-020050
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271045,RHEL-09-271050
2021-11-17 13:33:00 +00:00
ocil_clause: 'removal-action has not been configured'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 45e6c24aa..e06d9600f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 6b19c8138..1f656f5a8 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
2024-03-04 15:52:37 +00:00
index 99bc0c878..b3fac1ffa 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
@@ -39,7 +39,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010440
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010820
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010440
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010820
+ stigid@almalinux8: RHEL-08-010820
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271040
2021-09-15 11:41:44 +00:00
ocil_clause: 'GDM allows users to automatically login'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index ef2933c52..0d72f6f65 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 0fa83b269..4264c8889 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
if rpm --quiet -q gdm
then
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 0ca67c74a..332a5018a 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 60417ff4e..0af05e798 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index ac168ef9f..69ecfa6a7 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 51e4063c3..3591b7266 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 33460b61c..04074e66b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 4e389aa5c..254db9bfe 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index c3922e5b0..40515598a 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 09eed8367..601191b49 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index bf1efbe61..efa5b96a6 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index f7c7b4379..95781d5ab 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index d3f144c89..ae170b802 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 5b08acff4..d1af90b16 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
2024-03-04 15:52:37 +00:00
index c3aae1f94..27893d7fa 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
2024-03-04 15:52:37 +00:00
@@ -53,7 +53,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010070
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-020060
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010070
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-020060
+ stigid@almalinux8: RHEL-08-020060
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271065
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010080
stigid@sle15: SLES-15-010120
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 9d034e519..2c45806b4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
2024-03-04 15:52:37 +00:00
index 9caab7125..5571ec5d1 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
2024-03-04 15:52:37 +00:00
@@ -45,7 +45,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-010110
stigid@ol8: OL08-00-020031
stigid@rhel7: RHEL-07-010110
- stigid@rhel8: RHEL-08-020031
+ stigid@almalinux8: RHEL-08-020031
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271075
2023-02-21 13:38:18 +00:00
ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index d04e6893f..5b9cba007 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
2024-03-04 15:52:37 +00:00
index 7281b7192..a0b8093d1 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
2024-03-04 15:52:37 +00:00
@@ -57,7 +57,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010060
2024-03-04 15:52:37 +00:00
stigid@ol8: OL08-00-020030,OL08-00-020082
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010060
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-020030
+ stigid@almalinux8: RHEL-08-020030
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271060,RHEL-09-271055
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010060
stigid@sle15: SLES-15-010100
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 34ff91ab3..875abf68d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
2024-03-04 15:52:37 +00:00
index f263324e7..79bfbe76d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
2024-03-04 15:52:37 +00:00
@@ -38,7 +38,7 @@ references:
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol7: OL07-00-010062
stigid@rhel7: RHEL-07-010062
- stigid@rhel8: RHEL-08-020082
+ stigid@almalinux8: RHEL-08-020082
ocil_clause: 'screensaver locking is not locked'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 4dbe2b3c8..7313b6bcd 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 606e00c5f..792db4ca4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index ed7d98843..a41cb7151 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
2024-03-04 15:52:37 +00:00
index 8af7828af..23932ed00 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
2024-03-04 15:52:37 +00:00
@@ -43,7 +43,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-010081
stigid@ol8: OL08-00-020080
stigid@rhel7: RHEL-07-010081
- stigid@rhel8: RHEL-08-020080
+ stigid@almalinux8: RHEL-08-020080
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271080
2023-02-21 13:38:18 +00:00
ocil_clause: 'GNOME3 session settings are not locked or configured properly'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index aae97c962..18c7ec75f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
2024-03-04 15:52:37 +00:00
index 8f83ef5b1..07aa048e9 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
2024-03-04 15:52:37 +00:00
@@ -47,7 +47,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-010082
stigid@ol8: OL08-00-020081
stigid@rhel7: RHEL-07-010082
- stigid@rhel8: RHEL-08-020081
+ stigid@almalinux8: RHEL-08-020081
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271070
stigid@sle12: SLES-12-010080
stigid@sle15: SLES-15-010120
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 76181547b..eb340cb5b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
2024-03-04 15:52:37 +00:00
index 6700f0533..30d3068ab 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
2024-03-04 15:52:37 +00:00
@@ -46,7 +46,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020231
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040171
2021-09-15 11:41:44 +00:00
stigid@rhel7: RHEL-07-020231
- stigid@rhel8: RHEL-08-040171
+ stigid@almalinux8: RHEL-08-040171
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-271105,RHEL-09-271110
2021-11-17 13:33:00 +00:00
stigid@ubuntu2004: UBTU-20-010459
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index fa4f578ef..f0d0708d1 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
2023-10-30 15:13:07 +00:00
index c7617bc43..7de8de33c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/gnome/group.yml
+++ b/linux_os/guide/system/software/gnome/group.yml
@@ -12,7 +12,7 @@ description: |-
2023-10-30 15:13:07 +00:00
{{% if 'ol' in product %}}
2021-09-15 11:41:44 +00:00
Oracle Linux Graphical environment.
{{% else %}}
- Red Hat Graphical environment.
+ AlmaLinux Graphical environment.
{{% endif %}}
<br /><br />
For more information on GNOME and the GNOME Project, see <b>{{{ weblink(link="https://www.gnome.org") }}}</b>.
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
2024-03-04 15:52:37 +00:00
index 7ef0e5992..be7bc59b3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -4,6 +4,7 @@
The operating system installed on the system is supported by a vendor that provides security patches.
") }}}
<criteria comment="Installed operating system is supported by a vendor" operator="OR">
+ <extend_definition comment="Installed OS is ALMALINUX8" definition_ref="installed_OS_is_almalinux8" />
<extend_definition comment="Installed OS is RHEL7" definition_ref="installed_OS_is_rhel7" />
<extend_definition comment="Installed OS is RHEL8" definition_ref="installed_OS_is_rhel8" />
2023-02-21 13:38:18 +00:00
<extend_definition comment="Installed OS is RHEL9" definition_ref="installed_OS_is_rhel9" />
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
2024-03-04 15:52:37 +00:00
index 90d7c08b0..a19283b81 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
2024-03-04 15:52:37 +00:00
@@ -11,6 +11,9 @@ description: |-
2021-09-15 11:41:44 +00:00
{{% elif product in ["sle12", "sle15"] %}}
SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
vendor, SUSE is responsible for providing security patches.
+{{% elif product == "almalinux8" %}}
+ AlmaLinux is supported by AlmaLinux. As the AlmaLinux
+ vendor, AlmaLinux is responsible for providing security patches.
{{% else %}}
Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise
Linux vendor, Red Hat, Inc. is responsible for providing security patches.
2024-03-04 15:52:37 +00:00
@@ -48,7 +51,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020250
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010000
2021-09-15 11:41:44 +00:00
stigid@rhel7: RHEL-07-020250
- stigid@rhel8: RHEL-08-010000
+ stigid@almalinux8: RHEL-08-010000
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-211010
2021-09-15 11:41:44 +00:00
stigid@sle12: SLES-12-010000
2021-11-17 13:33:00 +00:00
stigid@sle15: SLES-15-010000
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 395e7a665..ed739f421 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -30,7 +30,7 @@ references:
2022-06-29 08:41:07 +00:00
nist: SC-13,SC-12(2),SC-12(3)
srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-672050
2022-06-29 08:41:07 +00:00
ocil_clause: |-
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
2023-02-21 13:38:18 +00:00
index c7385d2c3..637496acd 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = bind
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
BIND_CONF='/etc/named.conf'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
2023-10-30 15:13:07 +00:00
index b00bbfe21..39dbf3036 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2023-10-30 15:13:07 +00:00
{{{ bash_package_remove("bind") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
2023-02-21 13:38:18 +00:00
index 4f9c749eb..46fcc4703 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# packages = bind
#
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# We don't remediate anything if the config file is missing completely.
# remediation = none
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
2023-02-21 13:38:18 +00:00
index 34a32a73b..d8e25d681 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = bind
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
BIND_CONF='/etc/named.conf'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
2023-02-21 13:38:18 +00:00
index 290e5fb07..e32e0a312 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = bind
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
BIND_CONF='/etc/named.conf'
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
index dd096ab41..b180ed3b3 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 89225c96f..c2b0b4a14 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -70,7 +70,7 @@ references:
pcidss4: '2.2.7'
2022-06-29 08:41:07 +00:00
srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-671010,RHEL-09-672030,RHEL-09-672045
2022-06-29 08:41:07 +00:00
ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
index 053093a64..b7e1ee47a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
2023-02-21 13:38:18 +00:00
index b607202c5..621420882 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
# IMPORTANT: This is a false negative scenario.
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
2023-02-21 13:38:18 +00:00
index e5b598342..539ea8f3c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
update-crypto-policies --set "DEFAULT"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
2023-02-21 13:38:18 +00:00
index 7be3c82f3..776f79f4c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 261dc3f96..e6a2f5d0e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
2023-02-21 13:38:18 +00:00
index 356aa3ffe..05dd9be57 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
2023-02-21 13:38:18 +00:00
index 06bd713dd..8de885e50 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
2023-02-21 13:38:18 +00:00
index 56a081eca..a5383733b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
2023-02-21 13:38:18 +00:00
index 10cb25593..55f128c10 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1
# packages = crypto-policies-scripts
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
2023-02-21 13:38:18 +00:00
index a2107d146..b6d9804d2 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
2021-11-17 13:33:00 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_e8
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
2023-02-21 13:38:18 +00:00
index b06e035fa..679e23ee7 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_standard
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
2023-02-21 13:38:18 +00:00
index 6679f94bd..f2246ba0c 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 9461c3ddd..5b5b06ac9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 55b77f667..19f3893df 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -29,7 +29,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: AC-17(2)
srg: SRG-OS-000250-GPOS-00093,SRG-OS-000423-GPOS-00187
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010295
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010295
+ stigid@almalinux8: RHEL-08-010295
ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index 79d8682d3..5b928e18e 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/gnutls.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 3084ec761..a783dddd5 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/gnutls.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index bfaadc713..0ec5bad41 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/gnutls.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 3776d35aa..8710aef51 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/gnutls.config
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index de54d7f96..6c2c30188 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -28,7 +28,7 @@ references:
2022-06-29 08:41:07 +00:00
nist: SC-13,SC-12(2),SC-12(3)
srg: SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-672025
2022-06-29 08:41:07 +00:00
ocil_clause: 'the symlink does not exist or points to a different target'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
2023-02-21 13:38:18 +00:00
index 4834387dc..1d404fe6e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
rm -f /etc/krb5.conf.d/crypto-policies
ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 97ccc0590..e3fdc77d5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
rm -f /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 4eb5348f2..9047445c5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
rm -f /etc/krb5.conf.d/crypto-policies
ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index f0b782571..c85593f9e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -35,7 +35,7 @@ references:
pcidss: Req-2.2
2022-06-29 08:41:07 +00:00
srg: SRG-OS-000033-GPOS-00014
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-671020
2022-06-29 08:41:07 +00:00
ocil_clause: |-
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
2023-10-30 15:13:07 +00:00
index 9379b5ff3..c8fdbd4f5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
2023-10-30 15:13:07 +00:00
{{{ bash_package_remove("libreswan") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
2023-02-21 13:38:18 +00:00
index 439da4978..8dee7191b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = libreswan
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
2023-02-21 13:38:18 +00:00
index fbc8f1001..722f09cd0 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = libreswan
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
2023-02-21 13:38:18 +00:00
index 70f822342..98e1d34eb 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = libreswan
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
index 2863c6102..aeeddb9a1 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = libreswan
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 0f60c61d7..523515c11 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -44,7 +44,7 @@ references:
pcidss: Req-2.2
2021-11-17 13:33:00 +00:00
srg: SRG-OS-000250-GPOS-00093
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010293
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010293
+ stigid@almalinux8: RHEL-08-010293
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-672035
2021-11-17 13:33:00 +00:00
ocil_clause: |-
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
index 8ccb6cef9..306b29698 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
. common.sh
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
2023-02-21 13:38:18 +00:00
index edeca90f0..1d8175d82 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
@@ -1,5 +1,5 @@
2023-02-21 13:38:18 +00:00
#!/bin/bash
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
2021-09-15 11:41:44 +00:00
. common.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
2023-02-21 13:38:18 +00:00
index 8c509ef32..6cd8e06da 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
2021-09-15 11:41:44 +00:00
. common.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
2023-02-21 13:38:18 +00:00
index 1c9342e23..00fb77fb1 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
2021-09-15 11:41:44 +00:00
. common.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
2023-02-21 13:38:18 +00:00
index 1b2ea8d80..7795d5a96 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
2021-11-17 13:33:00 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
2021-11-17 13:33:00 +00:00
. common.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 6fad634d7..969472391 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -44,7 +44,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: AC-17(2)
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010294
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010294
+ stigid@almalinux8: RHEL-08-010294
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-672040
2021-11-17 13:33:00 +00:00
ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index 48ccb9b98..80b0cdbbc 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
2021-09-15 11:41:44 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
2023-02-21 13:38:18 +00:00
index 8d84292b3..05fcc9167 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
2023-02-21 13:38:18 +00:00
index 3a17e7865..cff7622e9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 209a6bd40..2330ede55 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
2023-10-30 15:13:07 +00:00
index 26d67f1e9..bda103475 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index a8fb8a6b8..34b4b351d 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 1593ce8ae..e42f42388 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 3fcebafa3..f5be4edbb 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -36,7 +36,7 @@ references:
pcidss4: '2.2.7'
2022-06-29 08:41:07 +00:00
srg: SRG-OS-000250-GPOS-00093
2023-02-21 13:38:18 +00:00
stigid@ol8: OL08-00-010287
2022-06-29 08:41:07 +00:00
- stigid@rhel8: RHEL-08-010287
+ stigid@almalinux8: RHEL-08-010287
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-255055
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
ocil_clause: 'the CRYPTO_POLICY variable is set or is not commented out in the /etc/sysconfig/sshd'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
2023-02-21 13:38:18 +00:00
index 96ae6a064..399d9d334 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
index 6ab33f749..b0c449c19 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
2023-02-21 13:38:18 +00:00
index bcea9badc..bc91e59e7 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
2023-02-21 13:38:18 +00:00
index ea6d23ee1..f4a5a4954 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
2023-02-21 13:38:18 +00:00
index a6e7c89da..56fa0013a 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index d530f4b76..b5fdd0b2b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index cd7c4fb6c..1deb135a3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
cp="Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
2021-11-17 13:33:00 +00:00
file="/etc/crypto-policies/local.d/opensslcnf-ospp.config"
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index 0debb6c70..f7e5d9219 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
2023-02-21 13:38:18 +00:00
index b1f745b69..2925fc550 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
2023-02-21 13:38:18 +00:00
index a01e5d137..ecd34e6ff 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index d6fa6598a..f33cb3177 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
2023-02-21 13:38:18 +00:00
index 573375dce..52fe85013 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index eecad423a..cd8e604cd 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 7a3b7c32e..0eddf01d5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensslcnf.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
2023-02-21 13:38:18 +00:00
index 17bf0e679..c633df0b2 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
2023-02-21 13:38:18 +00:00
index 9b8e954f2..8edf32e22 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
2023-02-21 13:38:18 +00:00
index 63538daac..3e042aa8c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
2023-02-21 13:38:18 +00:00
index 4460f1910..bcab9c7fc 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
2023-02-21 13:38:18 +00:00
index 7c54b4244..9e4901824 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "#Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
2023-02-21 13:38:18 +00:00
index 9da3614e8..3f045e64a 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
2023-02-21 13:38:18 +00:00
index 3c198dd33..d264cb914 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
2023-02-21 13:38:18 +00:00
index 05bccf0f0..2913e604e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index 7a7b44aa6..6c8973d32 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
2023-02-21 13:38:18 +00:00
index 352c09202..fe1391030 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
rm -f "$file"
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
2023-02-21 13:38:18 +00:00
index 7e433ef02..bc80daa1e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
2023-02-21 13:38:18 +00:00
index 5b9c44d10..e8e69c071 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
2023-02-21 13:38:18 +00:00
index 40957c0fc..5127c2810 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
2023-02-21 13:38:18 +00:00
index ec44ce925..0975f5fea 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
2023-02-21 13:38:18 +00:00
index 1310f724a..151331971 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "RekeyLimit 512M 1h\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
2023-02-21 13:38:18 +00:00
index d4ec1fe7a..92a5a4592 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
2023-02-21 13:38:18 +00:00
index 91976a672..ca683377e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
2023-02-21 13:38:18 +00:00
index 259cf23a8..a20d92846 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
2023-02-21 13:38:18 +00:00
index c933ac991..c54c8242c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
2023-02-21 13:38:18 +00:00
index 7ff44b61f..156ce61c7 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
2023-02-21 13:38:18 +00:00
index 24e709eae..9689bc392 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
2023-02-21 13:38:18 +00:00
index a25f9a304..ce8219f3f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
2023-02-21 13:38:18 +00:00
index 269d73db7..c1c74c14e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
2023-02-21 13:38:18 +00:00
index 2f7ca2692..2710f6ec6 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
2023-02-21 13:38:18 +00:00
index 77ea3eaa6..c0c59c20e 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
2023-02-21 13:38:18 +00:00
index 3e1a9f78d..e9a3d3806 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
2023-02-21 13:38:18 +00:00
index b6ff5881d..5198a6486 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-11-17 13:33:00 +00:00
file="/etc/ssh/ssh_config.d/02-ospp.conf"
echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 0a74e07c8..11263cbbe 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 6db8f9654..2f0172991 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
{{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index d8dbff009..2ff8a7b55 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -31,7 +31,7 @@ references:
2022-06-29 08:41:07 +00:00
nist: AC-17(2)
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000423-GPOS-00187
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-255060
2022-06-29 08:41:07 +00:00
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
2023-02-21 13:38:18 +00:00
index 0bf0e7eef..9521cde55 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
2023-02-21 13:38:18 +00:00
index 47afc638c..e3f898028 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
2023-02-21 13:38:18 +00:00
index fc068d8f2..06dd7f45f 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
2023-02-21 13:38:18 +00:00
index 32d81d353..f2a71b8a4 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index d7e16d6bf..e0a234147 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
2023-02-21 13:38:18 +00:00
index 20e9fe1d2..6833b5d94 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 5f74ce16c..4eb372c51 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
incorrect_sshd_approved_ciphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 4f335aebc..73c481b02 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index e83aeb894..f64e72e60 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 14d764ca8..49e23f8c7 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
{{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
2024-03-04 15:52:37 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
index 946f7e102..0553c1e54 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
@@ -31,7 +31,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: AC-17(2)
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010291
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010291
+ stigid@almalinux8: RHEL-08-010291
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-255065
2021-11-17 13:33:00 +00:00
ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
2024-03-04 15:52:37 +00:00
index 34b69406a..7156acfe3 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
2024-03-04 15:52:37 +00:00
index 60b4616ce..66961be70 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
2024-03-04 15:52:37 +00:00
index 3eca150b3..499776123 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
2024-03-04 15:52:37 +00:00
index f8659efcf..0e0b65548 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 7a9a2a5e9..25cf3fd35 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
cp="CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'"
file=/etc/crypto-policies/local.d/opensshserver-ospp.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index d0541b7ab..e3f476840 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
2023-02-21 13:38:18 +00:00
index 44434606d..503b9d3c8 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
2023-02-21 13:38:18 +00:00
index a92227669..60b7a02f9 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
2023-02-21 13:38:18 +00:00
index b1e285f9b..c2bd5f7bc 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 754195e43..371659769 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
2023-02-21 13:38:18 +00:00
index 8bf264dcd..4a1bb0cec 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index a76346699..a3d5a1af0 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 1928d2cfe..6914ed91d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
configfile=/etc/crypto-policies/back-ends/opensshserver.config
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index c1ea94ce0..39eadbefe 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 451da4db3..5d373e6b9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
{{{ bash_instantiate_variables("sshd_approved_macs") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 902ef3559..d25a25aca 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -29,7 +29,7 @@ references:
2022-06-29 08:41:07 +00:00
nist: AC-17(2)
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
stigid@ol8: OL08-00-010290
2022-06-29 08:41:07 +00:00
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
2024-03-04 15:52:37 +00:00
index 49d18486f..68d29d5b9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
2024-03-04 15:52:37 +00:00
index b068e2ea4..8ed8a05b8 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
2024-03-04 15:52:37 +00:00
index f57f42270..f91ed8976 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
2023-02-21 13:38:18 +00:00
index 32d81d353..f2a71b8a4 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
2023-02-21 13:38:18 +00:00
index be78ed116..7fd821a4d 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
2024-03-04 15:52:37 +00:00
index 999463e1c..a9fb3f572 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2024-03-04 15:52:37 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
2024-03-04 15:52:37 +00:00
sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 0114a63ab..0666082d0 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
2023-02-21 13:38:18 +00:00
index 4f335aebc..73c481b02 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# profiles = xccdf_org.ssgproject.content_profile_stig
configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 6a0e45947..3ce060968 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index a06ffc2d7..6b4a4f76c 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
2021-11-17 13:33:00 +00:00
{{{ bash_instantiate_variables("sshd_approved_macs") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index d7c054c99..d2b719876 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
@@ -29,7 +29,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: AC-17(2)
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010290
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010290
+ stigid@almalinux8: RHEL-08-010290
ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
2023-10-30 15:13:07 +00:00
index df9a2844e..922af22a9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-10-30 15:13:07 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
2023-10-30 15:13:07 +00:00
sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
2023-10-30 15:13:07 +00:00
index eef727791..d61b46cde 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-10-30 15:13:07 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
2023-10-30 15:13:07 +00:00
index ec6f07dbc..9b8681014 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-10-30 15:13:07 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
2023-10-30 15:13:07 +00:00
index ee314357d..080606320 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2023-10-30 15:13:07 +00:00
# variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
2021-11-17 13:33:00 +00:00
configfile=/etc/crypto-policies/back-ends/opensshserver.config
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
2023-02-21 13:38:18 +00:00
index beec02c93..878ed4ced 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
2021-09-15 11:41:44 +00:00
cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
{{{ openssl_strong_entropy_config_file() }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
2023-02-21 13:38:18 +00:00
index e7902ee46..a8026607d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
# provide a default -rand /dev/random option to openssl commands that
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
2023-02-21 13:38:18 +00:00
index cddf984f1..b89f77662 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
rm -f /etc/profile.d/openssl-rand.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
2023-02-21 13:38:18 +00:00
index 298c79dc0..b84d9c805 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
2021-09-15 11:41:44 +00:00
echo "wrong data" > /etc/profile.d/openssl-rand.sh
diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
2023-10-30 15:13:07 +00:00
index 0447bf2c4..43627ebd3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
2024-03-04 15:52:37 +00:00
index 3f8e47ab0..4d64f217a 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
2024-03-04 15:52:37 +00:00
@@ -26,7 +26,7 @@ references:
2022-06-29 08:41:07 +00:00
stigid@ol7: OL07-00-020019
stigid@ol8: OL08-00-010001
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020019
- stigid@rhel8: RHEL-08-010001
+ stigid@almalinux8: RHEL-08-010001
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-211025
2021-11-17 13:33:00 +00:00
ocil_clause: 'virus scanning software is not running'
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
2024-03-04 15:52:37 +00:00
index 97f7635dd..cdc2c119b 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -34,7 +34,7 @@ references:
2022-06-29 08:41:07 +00:00
stigid@ol7: OL07-00-020019
stigid@ol8: OL08-00-010001
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020019
- stigid@rhel8: RHEL-08-010001
+ stigid@almalinux8: RHEL-08-010001
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-211025
2022-06-29 08:41:07 +00:00
stigid@ubuntu2004: UBTU-20-010415
2021-11-17 13:33:00 +00:00
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
index 9647791ef..9f70b30d4 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = true
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
index 5da0c99e6..57ac7592b 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
fips-mode-setup --enable
FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
2024-03-04 15:52:37 +00:00
index 885a4044e..4aeb05b68 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
2024-03-04 15:52:37 +00:00
@@ -30,7 +30,7 @@ references:
2022-06-29 08:41:07 +00:00
ospp: FCS_RBG_EXT.1
srg: SRG-OS-000478-GPOS-00223
stigid@ol8: OL08-00-010020
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-671010
2022-06-29 08:41:07 +00:00
ocil_clause: 'the Dracut FIPS module is not enabled'
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
index 9c232fc94..f3d71ee21 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = crypto-policies-scripts
-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol
fips-mode-setup --enable
FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
index b92e82236..138d2c997 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = crypto-policies-scripts
-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol
fips-mode-setup --enable
FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
2023-10-30 15:13:07 +00:00
index 3b50e0706..4e4d713e1 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
2023-10-30 15:13:07 +00:00
@@ -25,7 +25,7 @@
<extend_definition definition_ref="system_info_architecture_s390_64"
comment="generic test for non-s390x architecture"/>
</criteria>
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
<criterion test_ref="test_grubenv_fips_mode"
comment="check if the kernel boot parameter is configured for FIPS mode"/>
{{% else %}}
@@ -77,7 +77,7 @@ to a crypto policy module that further restricts the modified crypto policy.">
2023-02-21 13:38:18 +00:00
{{%- endif %}}
</ind:variable_state>
2023-10-30 15:13:07 +00:00
2023-02-21 13:38:18 +00:00
- {{% if product in ["ol8","rhel8"] %}}
+ {{% if product in ["ol8","rhel8", "almalinux8"] %}}
2023-10-30 15:13:07 +00:00
<ind:textfilecontent54_test id="test_grubenv_fips_mode" version="1"
check="all" check_existence="all_exist"
comment="FIPS mode is selected in running kernel options">
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
2024-03-04 15:52:37 +00:00
index 97898e301..554bb0e25 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
2024-03-04 15:52:37 +00:00
@@ -47,7 +47,7 @@ references:
2022-06-29 08:41:07 +00:00
ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1,FCS_RBG_EXT.1
2021-09-15 11:41:44 +00:00
srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010020
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-671010
2021-09-15 11:41:44 +00:00
ocil_clause: 'FIPS mode is not enabled'
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
2024-03-04 15:52:37 +00:00
index c498e1dad..fba92cdb5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
2024-03-04 15:52:37 +00:00
@@ -34,7 +34,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010020
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010020
+ stigid@almalinux8: RHEL-08-010020
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-671010
2021-11-17 13:33:00 +00:00
ocil_clause: 'crypto.fips_enabled is not 1'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
2024-03-04 15:52:37 +00:00
index 04e69228b..9072c4023 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
{{% if 'sle' in product %}}
2024-03-04 15:52:37 +00:00
zypper -q --no-remote ref
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
2024-03-04 15:52:37 +00:00
index c95dc4a0d..1f1a00502 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
2024-03-04 15:52:37 +00:00
@@ -65,7 +65,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-020029
stigid@ol8: OL08-00-010359
stigid@rhel7: RHEL-07-020029
- stigid@rhel8: RHEL-08-010359
+ stigid@almalinux8: RHEL-08-010359
2023-10-30 15:13:07 +00:00
stigid@sle12: SLES-12-010499
stigid@sle15: SLES-15-010419
2024-03-04 15:52:37 +00:00
stigid@ubuntu2004: UBTU-20-010450
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
2024-03-04 15:52:37 +00:00
index 7a53caee5..ca8c351f7 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
2023-10-30 15:13:07 +00:00
index ea2a1113b..fbc6b9b8a 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
2024-03-04 15:52:37 +00:00
index 14ee598be..e780b1bd0 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
2024-03-04 15:52:37 +00:00
@@ -43,7 +43,7 @@ references:
2021-11-17 13:33:00 +00:00
nist: AU-9(3),AU-9(3).1
srg: SRG-OS-000278-GPOS-00108
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-030650
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-030650
+ stigid@almalinux8: RHEL-08-030650
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-651025
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010540
stigid@sle15: SLES-15-030630
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
2023-10-30 15:13:07 +00:00
index 5f751bee5..2684687ff 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-10-30 15:13:07 +00:00
# packages = aide
2021-11-17 13:33:00 +00:00
2023-10-30 15:13:07 +00:00
aide --init
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
2023-10-30 15:13:07 +00:00
index f80f6fd52..3d2bde623 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-10-30 15:13:07 +00:00
# packages = aide
2021-11-17 13:33:00 +00:00
2023-10-30 15:13:07 +00:00
declare -a bins
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
index 692a60d0e..50411aad5 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = aide
2021-11-17 13:33:00 +00:00
2023-10-30 15:13:07 +00:00
declare -a bins
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
2023-10-30 15:13:07 +00:00
index 65bf85123..708ef4e4d 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2023-10-30 15:13:07 +00:00
# packages = aide
2021-11-17 13:33:00 +00:00
2023-10-30 15:13:07 +00:00
aide --init
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
2023-02-21 13:38:18 +00:00
index dfa5c1b6c..60ac94141 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-09-15 11:41:44 +00:00
{{{ bash_package_install("aide") }}}
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
2024-03-04 15:52:37 +00:00
index 8a24a9300..5bca2dc40 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
2024-03-04 15:52:37 +00:00
@@ -48,7 +48,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020040
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010360
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020040
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010360
+ stigid@almalinux8: RHEL-08-010360
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-651015
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010510
2023-10-30 15:13:07 +00:00
stigid@sle15: SLES-15-010570
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 34a114520..b22a658da 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_package_install("aide") }}}
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
2023-02-21 13:38:18 +00:00
index 9f9f96e4d..e654ec2ee 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
index 3c2037208..8211c4ad0 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
2024-03-04 15:52:37 +00:00
index 32d104fc7..1ee861755 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021600
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040310
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021600
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-040310
+ stigid@almalinux8: RHEL-08-040310
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-651030
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010520
stigid@sle15: SLES-15-040040
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
2023-02-21 13:38:18 +00:00
index 9f9f96e4d..e654ec2ee 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
index fd664d468..a00afa564 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
2024-03-04 15:52:37 +00:00
index 5869e4ff8..74a27b14c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-021610
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040300
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-021610
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-040300
+ stigid@almalinux8: RHEL-08-040300
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-651035
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010530
stigid@sle15: SLES-15-040050
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
2023-02-21 13:38:18 +00:00
index 9f9f96e4d..e654ec2ee 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
index d02d969a2..a88b92ab3 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
cat >/etc/aide.conf <<EOL
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
2024-03-04 15:52:37 +00:00
index 5a4079e2d..c3c865563 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml
2024-03-04 15:52:37 +00:00
@@ -25,7 +25,7 @@ references:
2023-02-21 13:38:18 +00:00
nist: AU-9
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030640
- stigid@rhel8: RHEL-08-030640
+ stigid@almalinux8: RHEL-08-030640
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-232225
2023-02-21 13:38:18 +00:00
ocil_clause: 'any audit tools are not group-owned by root'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
2024-03-04 15:52:37 +00:00
index 766e086b2..bc053fc0a 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml
2024-03-04 15:52:37 +00:00
@@ -25,7 +25,7 @@ references:
2023-02-21 13:38:18 +00:00
nist: AU-9
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030630
- stigid@rhel8: RHEL-08-030630
+ stigid@almalinux8: RHEL-08-030630
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-232220
2023-02-21 13:38:18 +00:00
ocil_clause: 'any audit tools are not owned by root'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
2024-03-04 15:52:37 +00:00
index 96c20bb32..6abaec41c 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml
2024-03-04 15:52:37 +00:00
@@ -25,7 +25,7 @@ references:
2023-02-21 13:38:18 +00:00
nist: AU-9
srg: SRG-OS-000256-GPOS-00097,SRG-OS-000257-GPOS-00098,SRG-OS-000258-GPOS-00099
stigid@ol8: OL08-00-030620
- stigid@rhel8: RHEL-08-030620
+ stigid@almalinux8: RHEL-08-030620
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-232035
2023-02-21 13:38:18 +00:00
ocil_clause: 'any of these files have more permissive permissions than 0755'
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
2024-03-04 15:52:37 +00:00
index 7e62f7094..72cef2e4f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-020029
stigid@ol8: OL08-00-010359
stigid@rhel7: RHEL-07-020029
2022-06-29 08:41:07 +00:00
- stigid@rhel8: RHEL-08-010359
+ stigid@almalinux8: RHEL-08-010359
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-651010
2023-10-30 15:13:07 +00:00
stigid@sle12: SLES-12-010499
stigid@sle15: SLES-15-010419
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml
2024-03-04 15:52:37 +00:00
index 9e5172cc5..88a2fa5de 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml
@@ -1,5 +1,5 @@
# and the regex_findall does not filter out configuration files the same as bash remediation does
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = high
2024-03-04 15:52:37 +00:00
@@ -7,7 +7,7 @@
- name: "Set fact: Package manager reinstall command"
2021-11-17 13:33:00 +00:00
set_fact:
2024-03-04 15:52:37 +00:00
package_manager_reinstall_cmd: {{{ pkg_manager }}} reinstall -y
- when: ansible_distribution in [ "Fedora", "RedHat", "CentOS", "OracleLinux" ]
+ when: ansible_distribution in [ "Fedora", "RedHat", "CentOS", "OracleLinux", "AlmaLinux" ]
2023-02-21 13:38:18 +00:00
- name: "Set fact: Package manager reinstall command (zypper)"
set_fact:
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh
2024-03-04 15:52:37 +00:00
index a40f350d4..b1c682604 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names
files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )"
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 5c39628ff..9aa639575 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = high
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 329a00f56..d3cce1c0c 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = high
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 0bd8e7e8a..25b5bd333 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = high
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 0f791c95e..0efde1682 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = high
diff --git a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml
2024-03-04 15:52:37 +00:00
index 12db58eb3..c02427f46 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml
2024-03-04 15:52:37 +00:00
@@ -6,7 +6,7 @@ title: 'Ensure sudo Runs In A Minimal Environment - sudo env_reset'
2023-02-21 13:38:18 +00:00
description: |-
The sudo <tt>env_reset</tt> tag, when specified, will run the command in a minimal environment,
containing the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER and SUDO_* variables.
-{{%- if product in ["rhel7", "rhel8"] %}}
+{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
On {{{ full_name }}}, <tt>env_reset</tt> is enabled by default
{{%- endif %}}
This should be enabled by making sure that the <tt>env_reset</tt> tag exists in
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
2024-03-04 15:52:37 +00:00
index 730dc5504..b625424cb 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
2024-03-04 15:52:37 +00:00
+++ b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
@@ -6,7 +6,7 @@ title: 'Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot'
2023-02-21 13:38:18 +00:00
description: |-
The sudo <tt>ignore_dot</tt> tag, when specified, will ignore the current directory
in the PATH environment variable.
-{{%- if product in ["rhel7", "rhel8"] %}}
+{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
On {{{ full_name }}}, <tt>env_reset</tt> is enabled by default
{{%- endif %}}
This should be enabled by making sure that the <tt>ignore_dot</tt> tag exists in
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
2024-03-04 15:52:37 +00:00
index 1445c701a..b1ff0cd91 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
2024-03-04 15:52:37 +00:00
@@ -5,7 +5,7 @@ title: 'Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout'
2021-11-17 13:33:00 +00:00
2023-02-21 13:38:18 +00:00
description: |-
The sudo <tt>passwd_timeout</tt> tag sets the amount of time sudo password prompt waits.
-{{%- if product in ["rhel7", "rhel8"] %}}
+{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
On {{{ full_name }}}, the default <tt>passwd_timeout</tt> value is 5 minutes.
{{% endif %}}
The passwd_timeout should be configured by making sure that the
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
2024-03-04 15:52:37 +00:00
index ae86e7293..4674e6b97 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
2024-03-04 15:52:37 +00:00
@@ -6,7 +6,7 @@ title: 'Ensure sudo umask is appropriate - sudo umask'
2023-02-21 13:38:18 +00:00
description: |-
The sudo <tt>umask</tt> tag, when specified, will be added the to the user's umask in the
command environment.
-{{%- if product in ["rhel7", "rhel8"] %}}
+{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
On {{{ full_name }}}, the default <tt>umask</tt> value is 0022.
{{% endif %}}
The umask should be configured by making sure that the <tt>umask={{{ xccdf_value("var_sudo_umask") }}}</tt> tag exists in
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
2023-02-21 13:38:18 +00:00
index 21ece11e5..26403c434 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# variables = var_sudo_umask=0027
# Default umask is not explicitly set and has value 0022
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
2023-02-21 13:38:18 +00:00
index c01587242..de0605d2d 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# variables = var_sudo_umask=0027
# Default umask is not explicitly set and has value 0022
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
2023-02-21 13:38:18 +00:00
index eb5220278..e19cec598 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# variables = var_sudo_umask=0027
# Default umask is not explicitly set and has value 0022
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
2023-02-21 13:38:18 +00:00
index 0ca7c09b3..05dcae714 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# variables = var_sudo_umask=0027
echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
2023-02-21 13:38:18 +00:00
index 39ec72b52..a2849d3b4 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# variables = var_sudo_umask=0027
echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
2023-02-21 13:38:18 +00:00
index 0e5aed5d0..c75edccd5 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
2021-09-15 11:41:44 +00:00
# remediation = none
# Make sure sudo is owned by root group
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
2024-03-04 15:52:37 +00:00
index 553370c11..d5a9a7f5f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
2023-02-21 13:38:18 +00:00
@@ -39,7 +39,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010350
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010381
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010350
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010381
+ stigid@almalinux8: RHEL-08-010381
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-432025
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010110
stigid@sle15: SLES-15-010450
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
2024-03-04 15:52:37 +00:00
index 1f1aba0f4..8fb3c5e56 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
2022-06-29 08:41:07 +00:00
@@ -39,7 +39,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010340
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010380
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010340
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010380
+ stigid@almalinux8: RHEL-08-010380
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-611085
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010110
stigid@sle15: SLES-15-010450
diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
2024-03-04 15:52:37 +00:00
index b6eeb72d5..f7339aa12 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2022-06-29 08:41:07 +00:00
stigid@ol7: OL07-00-010343
stigid@ol8: OL08-00-010384
stigid@rhel7: RHEL-07-010343
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010384
+ stigid@almalinux8: RHEL-08-010384
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-432015
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010113
stigid@sle15: SLES-15-020102
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
2024-03-04 15:52:37 +00:00
index ff37f2f17..7834ac1e4 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
2024-03-04 15:52:37 +00:00
@@ -33,7 +33,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010341
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010382
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010341
- stigid@rhel8: RHEL-08-010382
+ stigid@almalinux8: RHEL-08-010382
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-432030
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010111
stigid@sle15: SLES-15-020101
2022-06-29 08:41:07 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
2024-03-04 15:52:37 +00:00
index 5b8379c35..efa3b3bb3 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
2024-03-04 15:52:37 +00:00
@@ -35,7 +35,7 @@ references:
2023-02-21 13:38:18 +00:00
stigid@ol7: OL07-00-010339
stigid@ol8: OL08-00-010379
stigid@rhel7: RHEL-07-010339
2022-06-29 08:41:07 +00:00
- stigid@rhel8: RHEL-08-010379
+ stigid@almalinux8: RHEL-08-010379
2023-02-21 13:38:18 +00:00
stigid@sle12: SLES-12-010109
stigid@sle15: SLES-15-020099
2022-06-29 08:41:07 +00:00
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
2024-03-04 15:52:37 +00:00
index bfb4e8fe1..48797fa16 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
2024-03-04 15:52:37 +00:00
@@ -37,7 +37,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-010342
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010383
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-010342
- stigid@rhel8: RHEL-08-010383
+ stigid@almalinux8: RHEL-08-010383
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-432020
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010112
stigid@sle15: SLES-15-020103
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
index a258d108a..904d4adb0 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
2022-06-29 08:41:07 +00:00
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
echo 'Defaults !targetpw' >> /etc/sudoers
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
2023-02-21 13:38:18 +00:00
index cdd8174d2..ab7afd6a4 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2023-02-21 13:38:18 +00:00
touch /etc/sudoers.d/empty
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
2023-02-21 13:38:18 +00:00
index 093f9dd80..0cd6dbf48 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2023-02-21 13:38:18 +00:00
echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
index 3372c20b7..6c9e6fc44 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2022-06-29 08:41:07 +00:00
echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
2023-02-21 13:38:18 +00:00
index ef0abd449..9606a913c 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = sudo
echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
index 6247b5230..bd82dc53d 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
index 071e3a0ab..b6779c1c5 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2021-11-17 13:33:00 +00:00
echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
2023-02-21 13:38:18 +00:00
index 273fb4529..b15cdc1da 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2023-02-21 13:38:18 +00:00
touch /etc/sudoers.d/empty
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
2023-02-21 13:38:18 +00:00
index d477b5972..569a80382 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2023-02-21 13:38:18 +00:00
touch /etc/sudoers.d/empty
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
2023-02-21 13:38:18 +00:00
index a4c5bde62..42fb94bf8 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
# packages = sudo
2023-02-21 13:38:18 +00:00
touch /etc/sudoers.d/empty
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 3cfc412ab..1a3d3bd6b 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -20,7 +20,7 @@ identifiers:
2023-02-21 13:38:18 +00:00
references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt-addon-ccpp") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
2024-03-04 15:52:37 +00:00
index a8692ed28..4085582de 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -20,7 +20,7 @@ identifiers:
2023-02-21 13:38:18 +00:00
references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt-addon-kerneloops") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 54a8d350b..6567b35cb 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -18,7 +18,7 @@ identifiers:
2023-02-21 13:38:18 +00:00
references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt-addon-python") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 61d482103..27bcc1fe7 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -20,7 +20,7 @@ identifiers:
2023-02-21 13:38:18 +00:00
references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt-cli") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 73dcdc0ab..c87af02dc 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -19,7 +19,7 @@ identifiers:
2023-02-21 13:38:18 +00:00
references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="abrt-plugin-sosreport") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
2024-03-04 15:52:37 +00:00
index ba437727c..284b7c32f 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -20,7 +20,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000381,CCI-000366
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040370
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-040370
+ stigid@almalinux8: RHEL-08-040370
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-215045
2021-09-15 11:41:44 +00:00
{{{ complete_ocil_entry_package(package="gssproxy") }}}
diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 4000e219f..e7b817370 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -21,7 +21,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000366
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040380
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-040380
+ stigid@almalinux8: RHEL-08-040380
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-215050
2021-09-15 11:41:44 +00:00
{{{ complete_ocil_entry_package(package="iprutils") }}}
diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
2024-03-04 15:52:37 +00:00
index cc3d2a62c..766658456 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -23,7 +23,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000803
2021-09-15 11:41:44 +00:00
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000120-GPOS-00061
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010162
2021-09-15 11:41:44 +00:00
- stigid@rhel8: RHEL-08-010162
+ stigid@almalinux8: RHEL-08-010162
2022-06-29 08:41:07 +00:00
platforms:
2023-02-21 13:38:18 +00:00
{{%- if "rhel" in product %}}
diff --git a/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
2024-03-04 15:52:37 +00:00
index f368ebbbe..dda7480b6 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -19,7 +19,7 @@ references:
2023-02-21 13:38:18 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040001
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="libreport-plugin-logger") }}}
diff --git a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 55e11e45e..d940adb5e 100644
2023-02-21 13:38:18 +00:00
--- a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -18,7 +18,7 @@ identifiers:
2023-10-30 15:13:07 +00:00
references:
2023-02-21 13:38:18 +00:00
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="libreport-plugin-rhtsupport") }}}
2022-06-29 08:41:07 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 5a020f452..a3769b969 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -18,7 +18,7 @@ identifiers:
2022-06-29 08:41:07 +00:00
references:
disa: CCI-000381
srg: SRG-OS-000095-GPOS-00049
- stigid@rhel8: RHEL-08-040001
+ stigid@almalinux8: RHEL-08-040001
{{{ complete_ocil_entry_package(package="python3-abrt-addon") }}}
2021-09-15 11:41:44 +00:00
diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
2024-03-04 15:52:37 +00:00
index 53b65dca1..fae286e73 100644
2021-09-15 11:41:44 +00:00
--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -21,7 +21,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010472
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-010472
+ stigid@almalinux8: RHEL-08-010472
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-215090
2021-11-17 13:33:00 +00:00
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
2024-03-04 15:52:37 +00:00
index 76bd27a31..566a46135 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
2024-03-04 15:52:37 +00:00
@@ -23,7 +23,7 @@ references:
2021-11-17 13:33:00 +00:00
disa: CCI-000366
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-040390
2021-11-17 13:33:00 +00:00
- stigid@rhel8: RHEL-08-040390
+ stigid@almalinux8: RHEL-08-040390
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-215055
2021-11-17 13:33:00 +00:00
{{{ complete_ocil_entry_package(package="tuned") }}}
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
2024-03-04 15:52:37 +00:00
index 71b66ebab..f51a5fa0a 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 34127fd17..e30b09600 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
2021-11-17 13:33:00 +00:00
2023-02-21 13:38:18 +00:00
{{% if 'sle' in product %}}
{{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}}
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
2024-03-04 15:52:37 +00:00
index 79ecf5d46..37f25dbcd 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
2024-03-04 15:52:37 +00:00
@@ -46,7 +46,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020200
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010440
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020200
- stigid@rhel8: RHEL-08-010440
+ stigid@almalinux8: RHEL-08-010440
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-214035
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010570
stigid@sle15: SLES-15-010560
2023-02-21 13:38:18 +00:00
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
index 4cba82b3c..1d8495018 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
file={{{ pkg_manager_config_file }}}
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
index 3b3bd71f7..d54501d5c 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
file={{{ pkg_manager_config_file }}}
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
index 8f2e4fac8..20d00061a 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
file={{{ pkg_manager_config_file }}}
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 55851cc05..62557d6e2 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_sle,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 9d6c3eba8..4c61c3c3c 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_sle,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..7912da04b
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
@@ -0,0 +1,39 @@
+# platform=multi_platform_almalinux
+# reboot = false
+# strategy = restrict
+# complexity = medium
+# disruption = medium
+- name: "Read permission of GPG key directory"
+ stat:
+ path: /etc/pki/rpm-gpg/
+ register: gpg_key_directory_permission
+ check_mode: no
+
+# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well.
+
+- name: Read signatures in GPG key
+ # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
+ command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
+ args:
+ warn: False
+ changed_when: False
+ register: gpg_fingerprints
+ check_mode: no
+
+- name: Set Fact - Installed GPG Fingerprints
+ set_fact:
+ gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}"
+
+- name: Set Fact - Valid fingerprints
+ set_fact:
+ gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}")
+
+- name: Import AlmaLinux GPG key
+ rpm_key:
+ state: present
+ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
+ when:
+ - gpg_key_directory_permission.stat.mode <= '0755'
+ - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
+ - gpg_installed_fingerprints | length > 0
+ - ansible_distribution == "AlmaLinux"
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..817ee6141
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,27 @@
2021-11-17 13:33:00 +00:00
+# platform = multi_platform_almalinux
2023-10-30 15:13:07 +00:00
+readonly ALMALINUX_FINGERPRINT="{{{ release_key_fingerprint }}}"
+readonly ALMALINUX_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}"
2021-11-17 13:33:00 +00:00
+
+# Location of the key we would like to import (once it's integrity verified)
+readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
+
+RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
+
+# Verify /etc/pki/rpm-gpg directory permissions are safe
+if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
+then
+ # If they are safe, try to obtain fingerprints from the key file
+ # (to ensure there won't be e.g. CRC error)
2023-10-30 15:13:07 +00:00
+ readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
2021-11-17 13:33:00 +00:00
+ GPG_RESULT=$?
+ # No CRC error, safe to proceed
+ if [ "${GPG_RESULT}" -eq "0" ]
+ then
+ # Filter just hexadecimal fingerprints from gpg's output from
+ # processing of a key file
2023-10-30 15:13:07 +00:00
+ echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}|${ALMALINUX_AUXILIARY_FINGERPRINT}" || {
+ # If $ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
2021-11-17 13:33:00 +00:00
+ rpm --import "${ALMALINUX_RELEASE_KEY}"
+ }
+ fi
+fi
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..cbc55c2d7
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,55 @@
2021-11-17 13:33:00 +00:00
+<def-group>
+ <definition class="compliance" id="ensure_almalinux_gpgkey_installed" version="1">
+ <metadata>
+ <title>AlmaLinux gpg-pubkey Package Installed</title>
+ <affected family="unix">
+ <platform>multi_platform_almalinux</platform>
+ </affected>
+ <description>The AlmaLinux key packages are required to be installed.</description>
+ </metadata>
+ <criteria comment="Vendor GPG keys" operator="OR">
+ <criteria comment="AlmaLinux Vendor GPG Keys" operator="AND">
+ <criteria comment="AlmaLinux Linux Release Installed" operator="OR">
+ <extend_definition comment="AlmaLinux 8 installed" definition_ref="installed_OS_is_almalinux8" />
+ </criteria>
2023-10-30 15:13:07 +00:00
+ <criterion comment="package gpg-pubkey-{{{ pkg_version }}}-{{{ pkg_release }}} is installed"
+ test_ref="test_package_gpgkey-{{{ pkg_version }}}-{{{ pkg_release }}}_installed" />
+ <criteria comment="Auxiliary AlmaLinux Key Installed" operator="OR">
+ <criterion comment="package gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}} is installed"
+ test_ref="test_package_gpgkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}_installed" />
2021-11-17 13:33:00 +00:00
+ </criteria>
+ </criteria>
+ </criteria>
+ </definition>
+
+ <!-- First define global "object_package_gpg-pubkey" to be shared (reused) across multiple tests -->
+ <linux:rpminfo_object id="object_package_gpg-pubkey" version="1">
+ <linux:name>gpg-pubkey</linux:name>
+ </linux:rpminfo_object>
+
+ <!-- Test for ALMALINUX8 key -->
+ <linux:rpminfo_test check="only one" check_existence="at_least_one_exists"
+ id="test_package_gpgkey-{{{ pkg_version }}}-{{{ pkg_release }}}_installed" version="1"
+ comment="AlmaLinux 8 key package is installed">
+ <linux:object object_ref="object_package_gpg-pubkey" />
+ <linux:state state_ref="state_package_gpg-pubkey-{{{ pkg_version }}}-{{{ pkg_release }}}" />
+ </linux:rpminfo_test>
+
+ <linux:rpminfo_state id="state_package_gpg-pubkey-{{{ pkg_version }}}-{{{ pkg_release }}}" version="1">
+ <linux:release>{{{ pkg_release }}}</linux:release>
+ <linux:version>{{{ pkg_version }}}</linux:version>
+ </linux:rpminfo_state>
+
2023-10-30 15:13:07 +00:00
+ <!-- Test for ALMALINUX8 auxiliary key -->
+ <linux:rpminfo_test check="only one" check_existence="at_least_one_exists"
+ id="test_package_gpgkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}_installed" version="1"
+ comment="AlmaLinux 8 auxiliary key package is installed">
+ <linux:object object_ref="object_package_gpg-pubkey" />
+ <linux:state state_ref="state_package_gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_state id="state_package_gpg-pubkey-{{{ aux_pkg_version }}}-{{{ aux_pkg_release }}}" version="1">
+ <linux:release>{{{ aux_pkg_release }}}</linux:release>
+ <linux:version>{{{ aux_pkg_version }}}</linux:version>
+ </linux:rpminfo_state>
+
2021-11-17 13:33:00 +00:00
+</def-group>
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..b53e57618
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
@@ -0,0 +1,46 @@
+documentation_complete: true
+
+prodtype: almalinux8
+
+title: 'Ensure AlmaLinux GPG Key Installed'
+
+description: |-
+ To ensure the system can cryptographically verify base software
+ packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed.
+ To install the AlmaLinux GPG key, run:
+ <pre>$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux</pre>
+ If the system is not connected to the Internet,
+ then install the AlmaLinux GPG key from trusted media such as
+ the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted
+ in <tt>/media/cdrom</tt>, use the following command as the root user to import
+ it into the keyring:
2023-10-30 15:13:07 +00:00
+ <pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-AlmaLinux</pre>
2021-11-17 13:33:00 +00:00
+
+rationale: |-
+ Changes to software components can have significant effects on the
+ overall security of the operating system. This requirement ensures
+ the software has not been tampered with and that it has been provided
+ by a trusted vendor. The AlmaLinux GPG key is necessary to
+ cryptographically verify packages are from AlmaLinux.
+
+severity: high
+
+references:
+ cis: 1.2.2
+ disa: CCI-001749
+ nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b)
+ nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
+ pcidss: Req-6.2
+ isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6'
+ isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4
+ cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02
+ iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4
+ cis-csc: 11,2,3,9
+
+ocil_clause: 'the AlmaLinux GPG Key is not installed'
+
+ocil: |-
+ To ensure that the GPG key is installed, run:
+ <pre>$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey</pre>
+ The command should return the string below:
+ <pre>gpg(AlmaLinux &lt;packager@almalinux.org&gt;</pre>
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 2bf91c8ca..b5f520737 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
2022-06-29 08:41:07 +00:00
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2022-06-29 08:41:07 +00:00
{{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
2024-03-04 15:52:37 +00:00
index c66f7a6bb..e9a9c1c17 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
2024-03-04 15:52:37 +00:00
@@ -61,7 +61,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020050
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010370
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020050
- stigid@rhel8: RHEL-08-010370
+ stigid@almalinux8: RHEL-08-010370
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-214015
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010550
stigid@sle15: SLES-15-010430
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
2024-03-04 15:52:37 +00:00
index 91bc53932..46b35ab1f 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
2024-03-04 15:52:37 +00:00
@@ -42,7 +42,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020060
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010371
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020060
- stigid@rhel8: RHEL-08-010371
+ stigid@almalinux8: RHEL-08-010371
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-214020
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
ocil_clause: 'there is no process to validate certificates for local packages that is approved by the organization'
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
2024-03-04 15:52:37 +00:00
index 967e23bbb..4160832f8 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 07e02fa47..ee1d023d9 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
2023-02-21 13:38:18 +00:00
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
{{% if product in ["sle12", "sle15"] %}}
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
{{% else %}}
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
2024-03-04 15:52:37 +00:00
index de8e8ef47..fe8f9d75a 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
2024-03-04 15:52:37 +00:00
@@ -47,7 +47,7 @@ references:
2023-10-30 15:13:07 +00:00
pcidss4: "6.3.3"
2023-02-21 13:38:18 +00:00
srg: SRG-OS-000366-GPOS-00153
stigid@ol8: OL08-00-010370
- stigid@rhel8: RHEL-08-010370
+ stigid@almalinux8: RHEL-08-010370
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-214025
2023-02-21 13:38:18 +00:00
ocil_clause: 'GPG checking is disabled'
2022-06-29 08:41:07 +00:00
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
2023-02-21 13:38:18 +00:00
index 37e47e4d4..a852e856f 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
2023-02-21 13:38:18 +00:00
index 04ff6e577..b97d75469 100644
2022-06-29 08:41:07 +00:00
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
2023-10-30 15:13:07 +00:00
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
2024-03-04 15:52:37 +00:00
index 9ba251904..bc7c8889c 100644
2023-10-30 15:13:07 +00:00
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
@@ -59,7 +59,7 @@ references:
2024-03-04 15:52:37 +00:00
pcidss4: '6.3.3'
2023-10-30 15:13:07 +00:00
srg: SRG-OS-000366-GPOS-00153
stigid@rhel7: RHEL-07-010019
- stigid@rhel8: RHEL-08-010019
+ stigid@almalinux8: RHEL-08-010019
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-214010
2023-10-30 15:13:07 +00:00
ocil_clause: 'the Red Hat GPG Key is not installed'
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
2023-02-21 13:38:18 +00:00
index fd844d2a1..2932351f4 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
2021-09-15 11:41:44 +00:00
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
2021-11-17 13:33:00 +00:00
# reboot = true
# strategy = patch
2021-09-15 11:41:44 +00:00
# complexity = low
2021-11-17 13:33:00 +00:00
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
2024-03-04 15:52:37 +00:00
index dac777824..c4afe149f 100644
2021-11-17 13:33:00 +00:00
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
2024-03-04 15:52:37 +00:00
@@ -4,7 +4,7 @@ documentation_complete: true
2021-11-17 13:33:00 +00:00
title: 'Ensure Software Patches Installed'
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
description: |-
-{{% if product in ["rhel7", "rhel8"] %}}
+{{% if product in ["rhel7", "rhel8", "almalinux8"] %}}
If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
or a yum server, run the following command to install updates:
<pre>$ sudo yum update</pre>
2024-03-04 15:52:37 +00:00
@@ -16,6 +16,11 @@ description: |-
2021-11-17 13:33:00 +00:00
<pre>$ sudo yum update</pre>
If the system is not configured to use one of these sources, updates (in the form of RPM packages)
can be manually downloaded from the ULN and installed using <tt>rpm</tt>.
+{{% elif product in ["almalinux8"] %}}
+ Run the following command to install updates:
+ <pre>$ sudo yum update</pre>
+ If the system is not configured to use repos, updates (in the form of RPM packages)
+ can be manually downloaded from the repos and installed using <tt>rpm</tt>.
{{% elif product in ["sle12", "sle15"] %}}
If the system is configured for online updates, invoking the following command will list available
security updates:
2024-03-04 15:52:37 +00:00
@@ -66,7 +71,7 @@ references:
2021-11-17 13:33:00 +00:00
stigid@ol7: OL07-00-020260
2022-06-29 08:41:07 +00:00
stigid@ol8: OL08-00-010010
2021-11-17 13:33:00 +00:00
stigid@rhel7: RHEL-07-020260
- stigid@rhel8: RHEL-08-010010
+ stigid@almalinux8: RHEL-08-010010
2024-03-04 15:52:37 +00:00
stigid@rhel9: RHEL-09-211015
2021-11-17 13:33:00 +00:00
stigid@sle12: SLES-12-010010
stigid@sle15: SLES-15-010010
diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..511fdc1c4
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/CMakeLists.txt
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,33 @@
2021-11-17 13:33:00 +00:00
+# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
2023-10-30 15:13:07 +00:00
+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
2021-11-17 13:33:00 +00:00
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
+endif()
+
+set(PRODUCT "almalinux8")
+
+ssg_build_product(${PRODUCT})
+
2022-06-29 08:41:07 +00:00
+ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
+
+ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist")
2024-03-04 15:52:37 +00:00
+ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist")
2022-06-29 08:41:07 +00:00
+ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist")
2021-11-17 13:33:00 +00:00
+
2022-06-29 08:41:07 +00:00
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_enhanced" "${PRODUCT}" "anssi_bp28_enhanced" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_intermediary" "${PRODUCT}" "anssi_bp28_intermediary" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_high" "${PRODUCT}" "anssi_bp28_high" "anssi")
2021-11-17 13:33:00 +00:00
+
+ssg_build_html_cce_table(${PRODUCT})
+
2023-02-21 13:38:18 +00:00
+ssg_build_html_srgmap_tables(${PRODUCT})
2021-11-17 13:33:00 +00:00
+
+ssg_build_html_stig_tables(${PRODUCT})
2023-10-30 15:13:07 +00:00
+ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig")
+ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui")
2021-11-17 13:33:00 +00:00
+
+#ssg_build_html_stig_tables(${PRODUCT} "ospp")
2024-03-04 15:52:37 +00:00
+
+if(SSG_CENTOS_DERIVATIVES_ENABLED)
+ ssg_build_derivative_product(${PRODUCT} "centos" "centos8")
+endif()
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..ff05b3d8a
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,154 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
2023-02-21 13:38:18 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
2021-11-17 13:33:00 +00:00
+# Ensure /usr Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /opt Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /srv Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /home Located On Separate Partition
2022-06-29 08:41:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2023-02-21 13:38:18 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
2023-02-21 13:38:18 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
2023-02-21 13:38:18 +00:00
+#
2021-11-17 13:33:00 +00:00
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
2023-02-21 13:38:18 +00:00
+# scap-security-guide on the installation media:
2021-11-17 13:33:00 +00:00
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..ec2175fef
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,158 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2020-12-10
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
2021-11-17 13:33:00 +00:00
+# Ensure /usr Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /opt Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /srv Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /home Located On Separate Partition
2022-06-29 08:41:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..52c9bb262
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,154 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
2021-11-17 13:33:00 +00:00
+# Ensure /usr Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /opt Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /srv Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /home Located On Separate Partition
2022-06-29 08:41:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
2022-06-29 08:41:07 +00:00
+# scap-security-guide on the installation media:
2021-11-17 13:33:00 +00:00
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..4659ce9f3
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,118 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..4b702ec5a
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,128 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
2021-11-17 13:33:00 +00:00
+# Ensure /home Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /var/tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
2021-11-17 13:33:00 +00:00
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol swap --name=swap --vgname=VolGroup --size=2016
2021-11-17 13:33:00 +00:00
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_cis
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..16287a134
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,128 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol swap --name=swap --vgname=VolGroup --size=2016
2021-11-17 13:33:00 +00:00
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_cis_server_l1
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..0ee9ca23a
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,128 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol swap --name=swap --vgname=VolGroup --size=2016
2021-11-17 13:33:00 +00:00
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..d5286da91
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,128 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
2021-11-17 13:33:00 +00:00
+# Ensure /home Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# Ensure /tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
2021-11-17 13:33:00 +00:00
+# Ensure /var/tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
2021-11-17 13:33:00 +00:00
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol swap --name=swap --vgname=VolGroup --size=2016
2021-11-17 13:33:00 +00:00
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_cis_workstation_l2
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..e1237a0b2
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,149 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_cui
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..644f4613b
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,107 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2019-11-13
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with Essential Eight profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_e8
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..ff867ee54
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,107 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2020-05-25
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
2023-10-30 15:13:07 +00:00
+# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
2021-11-17 13:33:00 +00:00
+# encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with HIPAA profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_hipaa
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..e3c8f1040
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,106 @@
2024-03-04 15:52:37 +00:00
+# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+# Version: 0.0.1
+# Date: 2021-08-16
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+#
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
2023-10-30 15:13:07 +00:00
+bootloader
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with Essential Eight profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_ism_o
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..62b9ca40f
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,149 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_ospp
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..e997629e8
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,144 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
2023-10-30 15:13:07 +00:00
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow
2021-11-17 13:33:00 +00:00
+# CCE-26557-9: Ensure /home Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# CCE-26435-8: Ensure /tmp Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
2021-11-17 13:33:00 +00:00
+# CCE-26639-5: Ensure /var Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# CCE-26215-4: Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
2021-11-17 13:33:00 +00:00
+# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
+logvol swap --name=swap --vgname=VolGroup --size=2016
2021-11-17 13:33:00 +00:00
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_pci-dss
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..d00b911b5
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,151 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
+# scap-security-guide on the installation media:
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_stig
+%end
+
+# Packages selection (%packages section is required)
+%packages
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..bacba279f
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
2023-10-30 15:13:07 +00:00
@@ -0,0 +1,153 @@
2021-11-17 13:33:00 +00:00
+# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
2023-10-30 15:13:07 +00:00
+keyboard --vckeymap us
2021-11-17 13:33:00 +00:00
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled reject incoming connections that are not in response to outbound requests
+# --ssh allow sshd service through the firewall
+firewall --enabled --ssh
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
2023-10-30 15:13:07 +00:00
+# grub2-mkpasswd-pbkdf2
2021-11-17 13:33:00 +00:00
+# to see how to create encrypted password form for different plaintext password
2023-10-30 15:13:07 +00:00
+bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
2021-11-17 13:33:00 +00:00
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
2023-10-30 15:13:07 +00:00
+volgroup VolGroup pv.01
2021-11-17 13:33:00 +00:00
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+# Ensure /var/log/audit Located On Separate Partition
2023-10-30 15:13:07 +00:00
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
2021-11-17 13:33:00 +00:00
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
2022-06-29 08:41:07 +00:00
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
2021-11-17 13:33:00 +00:00
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations.
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
2022-06-29 08:41:07 +00:00
+#
2021-11-17 13:33:00 +00:00
+# The following keys are recognized by the add-on:
+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+# - If the content-type is scap-security-guide, the add-on will use content provided by the
+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+# xccdf-id - ID of the benchmark you want to use.
+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+# profile - ID of the profile to be applied. Use default to apply the default profile.
+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+# The following is an example %addon org_fedora_oscap section which uses content from the
2022-06-29 08:41:07 +00:00
+# scap-security-guide on the installation media:
2021-11-17 13:33:00 +00:00
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_stig_gui
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
2023-10-30 15:13:07 +00:00
+@Server with GUI
2021-11-17 13:33:00 +00:00
+
2023-10-30 15:13:07 +00:00
+%end
2021-11-17 13:33:00 +00:00
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/overlays/srg_support.xml b/products/almalinux8/overlays/srg_support.xml
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..08c87ea68
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/overlays/srg_support.xml
@@ -0,0 +1,173 @@
+<Group id="srg_support" hidden="true">
+<title>Documentation to Support DISA OS SRG Mapping</title>
+<description>These groups exist to document how the AlmaLinux
+product meets (or does not meet) requirements listed in the DISA OS SRG, for
+those cases where Groups or Rules elsewhere in scap-security-guide do
+not clearly relate.
+</description>
+
+
+<!-- The CCI/SRG items referenced here are:
+ - satisfied (through design and implementation)
+ - selected in DoD baseline (per CNSS 1253) -->
+<Rule id="met_inherently_generic">
+<title>Product Meets this Requirement</title>
+<rationale>
+AlmaLinux meets this requirement through design and implementation.
+</rationale>
+<ocil>AlmaLinux 8 supports this requirement and cannot be configured to be out of
+compliance. This is a permanent not a finding.
+</ocil>
+<description>
+This requirement is a permanent not a finding. No fix is required.
+</description>
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
+ it should not have CCE association -->
+<ref disa="15,42,56,206,1084,66,85,86,185,223,171,172,1694,770,804,162,163,164,345,346,1096,1111,1291,386,156,186,1083,1082,1090,804,1127,1128,1129,1248,1265,1314,1362,1368,1310,1311,1328,1399,1400,1404,1405,1427,1499,1632,1693,1665,1674" />
+</Rule>
+
+
+<!-- The CCI/SRG items referenced here relate to auditing, and are:
+ - satisfied (through design and implementation)
+ - selected in DoD baseline (per CNSS 1253) -->
+<Rule id="met_inherently_auditing">
+<title>Product Meets this Requirement</title>
+<rationale>
+The AlmaLinux audit system meets this requirement through design and implementation.
+</rationale>
+<ocil>The AlmaLinux 8 auditing system supports this requirement and cannot be configured to be out of
+compliance. Every audit record in AlmaLinux includes a timestamp, the operation attempted,
+success or failure of the operation, the subject involved (executable/process),
+the object involved (file/path), and security labels for the subject and object.
+It also includes the ability to label events with custom key labels. The auditing system
+centralizes the recording of audit events for the entire system and includes
+reduction (<tt>ausearch</tt>), reporting (<tt>aureport</tt>), and real-time
+response (<tt>audispd</tt>) facilities.
+This is a permanent not a finding.
+</ocil>
+<description>
+This requirement is a permanent not a finding. No fix is required.
+</description>
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
+ it should not have CCE association -->
+<ref disa="130,157,131,132,133,134,135,159,174" />
+</Rule>
+
+
+<!-- The CCI/SRG item referenced here are:
+ - satisfied (through design and implementation)
+ - not selected in a DoD baseline -->
+<Rule id="met_inherently_nonselected">
+<title>Product Meets this Requirement</title>
+<rationale>
+AlmaLinux meets this requirement through design and implementation.
+</rationale>
+<ocil>AlmaLinux 8 supports this requirement and cannot be configured to be out of
+compliance. This is a permanent not a finding.
+</ocil>
+<description>
+This requirement is a permanent not a finding. No fix is required.
+</description>
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
+ it should not have CCE association -->
+<ref disa="34,35,99,154,226,802,872,1086,1087,1089,1091,1424,1426,1428,1209,1214,1237,1269,1338,1425,1670" />
+</Rule>
+
+
+<!-- The CCI/SRG item listed here are:
+ - satisfied (by Rules in the guidance, which include the reference)
+ - not selected in DoD baseline -->
+<!-- disa="26,32,771,772,831,884,888,1095,1115,1117,1250,1348,1353,1464,1496" -->
+
+
+<!-- The CCI/SRG item referenced here are:
+ - not satisfied
+ - not selected in a DoD baseline
+ - considered out of scope -->
+<Rule id="unmet_nonfinding_nonselected_scope">
+<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
+<rationale>
+The guidance does not meet this requirement.
+The requirement is impractical or out of scope.
+</rationale>
+<ocil>
+AlmaLinux 8 cannot support this requirement without assistance from an external
+application, policy, or service. This requirement is NA.
+</ocil>
+<description>
+This requirement is NA. No fix is required.
+</description>
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
+ it should not have CCE association -->
+<ref disa="21,25,28,29,30,165,221,354,553,779,780,781,1009,1094,1123,1124,1125,1132,1135,1140,1141,1142,1143,1145,1147,1148,1166,1339,1340,1341,1350,1356,1373,1374,1383,1391,1392,1395,1662" />
+</Rule>
+
+
+<!-- The CCI/SRG items referenced here are:
+ - not satisfied
+ - not selected in a DoD baseline
+ - considered permanent findings -->
+<Rule id="unmet_finding_nonselected">
+<title>Implementation of the Requirement is Not Supported</title>
+<rationale>
+AlmaLinux 8 does not support this requirement.
+</rationale>
+<ocil>
+This is a permanent finding.
+</ocil>
+<description>
+This requirement is a permanent finding and cannot be fixed. An appropriate
+mitigation for the system must be implemented but this finding cannot be
+considered fixed.
+</description>
+<ref disa="20,31,52,144,1158,1294,1295,1500" />
+<!-- Note: CCI 52 supported for text login, but not graphical -->
+</Rule>
+
+
+<!-- The CCI/SRG items referenced here are:
+ - not satisfied
+ - selected in a DoD baseline
+ - considered NA -->
+<Rule id="unmet_nonfinding_scope">
+<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
+<rationale>
+The guidance does not meet this requirement.
+The requirement is impractical or out of scope.
+</rationale>
+<ocil>
+AlmaLinux 8 cannot support this requirement without assistance from an external
+application, policy, or service. This requirement is NA.
+</ocil>
+<description>
+This requirement is NA. No fix is required.
+</description>
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
+ it should not have CCE association -->
+<ref disa="27,218,219,371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150" />
+</Rule>
+
+<Rule id="update_process">
+<title>A process for prompt installation of OS updates must exist.</title>
+<rationale>
+This is a manual inquiry about update procedure.
+</rationale>
+<ocil>
+Ask an administrator if a process exists to promptly and automatically apply OS
+software updates. If such a process does not exist, this is a finding.
+<br /><br />
+If the OS update process limits automatic updates of software packages, where
+such updates would impede normal system operation, to scheduled maintenance
+windows, but still within IAVM-dictated timeframes, this is not a finding.
+</ocil>
+<description>
+Procedures to promptly apply software updates must be established and
+executed. The AlmaLinux operating system provides support for automating such a
+process, by running the yum program through a cron job or by managing the
2023-02-21 13:38:18 +00:00
+system and its packages through the Foreman.
2021-11-17 13:33:00 +00:00
+</description>
+<ref disa="1232" />
+<!-- Note: This is a process, as such, will not receive a CCE -->
+</Rule>
+
+</Group>
diff --git a/products/almalinux8/product.yml b/products/almalinux8/product.yml
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..536dc8a7c
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/product.yml
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,52 @@
2021-11-17 13:33:00 +00:00
+product: almalinux8
+full_name: AlmaLinux 8
+type: platform
+
2023-10-30 15:13:07 +00:00
+families:
+ - rhel
+ - rhel-like
+
+major_version_ordinal: 8
+
2022-06-29 08:41:07 +00:00
+benchmark_id: ALMALINUX-8
2021-11-17 13:33:00 +00:00
+benchmark_root: "../../linux_os/guide"
2023-10-30 15:13:07 +00:00
+components_root: "../../components"
2021-11-17 13:33:00 +00:00
+
+profiles_root: "./profiles"
+
+pkg_manager: "yum"
+
+init_system: "systemd"
+
2024-03-04 15:52:37 +00:00
+# The fingerprints below are retrieved from https://almalinux.org/security/
2021-11-17 13:33:00 +00:00
+pkg_release: "5ffd890e"
+pkg_version: "3abb34f8"
2023-10-30 15:13:07 +00:00
+aux_pkg_release: "6525146f"
+aux_pkg_version: "ced7258b"
2021-11-17 13:33:00 +00:00
+
2023-10-30 15:13:07 +00:00
+release_key_fingerprint: "5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
+auxiliary_key_fingerprint: "BC5EDDCADF502C077F1582882AE81E8ACED7258B"
2023-02-21 13:38:18 +00:00
+oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml.bz2"
2022-06-29 08:41:07 +00:00
+
2023-02-21 13:38:18 +00:00
+groups:
+ dedicated_ssh_keyowner:
+ name: ssh_keys
+
+faillock_path: "/var/log/faillock"
+
2021-11-17 13:33:00 +00:00
+cpes_root: "../../shared/applicability"
+cpes:
+ - almalinux8:
+ name: "cpe:/o:almalinux:almalinux:8"
+ title: "AlmaLinux 8"
+ check_id: installed_OS_is_almalinux8
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+ login_defs: "shadow-utils"
2022-06-29 08:41:07 +00:00
+
2024-03-04 15:52:37 +00:00
+
2022-06-29 08:41:07 +00:00
+reference_uris:
+ cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/'
2024-03-04 15:52:37 +00:00
+
+journald_conf_dir_path: /etc/systemd/journald.conf.d
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/anssi_bp28_enhanced.profile b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..b2a2419ee
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,43 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
2022-06-29 08:41:07 +00:00
+metadata:
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - marcusburghardt
2022-06-29 08:41:07 +00:00
+ - yuumasato
+
2021-11-17 13:33:00 +00:00
+title: 'ANSSI-BP-028 (enhanced)'
+
+description: |-
2023-10-30 15:13:07 +00:00
+ This profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level.
2021-11-17 13:33:00 +00:00
+
+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
2024-03-04 15:52:37 +00:00
+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
+
2021-11-17 13:33:00 +00:00
+selections:
+ - anssi:all:enhanced
2024-03-04 15:52:37 +00:00
+ - '!timer_logrotate_enabled'
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!cracklib_accounts_password_pam_minlen'
+ - '!sysctl_fs_protected_fifos'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!audit_rules_privileged_commands_rmmod'
+ - '!package_dracut-fips-aesni_installed'
+ - '!audit_rules_privileged_commands_modprobe'
+ - '!chronyd_configure_pool_and_server'
+ - '!accounts_passwords_pam_tally2'
+ - '!cracklib_accounts_password_pam_ucredit'
+ - '!cracklib_accounts_password_pam_dcredit'
+ - '!cracklib_accounts_password_pam_lcredit'
+ - '!sysctl_fs_protected_regular'
+ - '!grub2_mds_argument'
+ - '!cracklib_accounts_password_pam_ocredit'
+ - '!grub2_page_alloc_shuffle_argument'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!audit_rules_privileged_commands_insmod'
+ - '!ensure_oracle_gpgkey_installed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/anssi_bp28_high.profile b/products/almalinux8/profiles/anssi_bp28_high.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..12bd15638
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_high.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,50 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
2022-06-29 08:41:07 +00:00
+metadata:
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - marcusburghardt
2022-06-29 08:41:07 +00:00
+ - yuumasato
+
2021-11-17 13:33:00 +00:00
+title: 'ANSSI-BP-028 (high)'
+
+description: |-
2023-10-30 15:13:07 +00:00
+ This profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.
2021-11-17 13:33:00 +00:00
+
+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
2024-03-04 15:52:37 +00:00
+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
+
2021-11-17 13:33:00 +00:00
+selections:
+ - anssi:all:high
2023-10-30 15:13:07 +00:00
+ # the following rule renders UEFI systems unbootable
+ - '!sebool_secure_mode_insmod'
2024-03-04 15:52:37 +00:00
+ - '!timer_logrotate_enabled'
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!kernel_config_gcc_plugin_structleak_byref_all'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!aide_periodic_checking_systemd_timer'
+ - '!audit_rules_privileged_commands_rmmod'
+ - '!grub2_mds_argument'
+ - '!audit_rules_privileged_commands_modprobe'
+ - '!package_dracut-fips-aesni_installed'
+ - '!cracklib_accounts_password_pam_lcredit'
+ - '!sysctl_fs_protected_regular'
+ - '!cracklib_accounts_password_pam_ocredit'
+ - '!kernel_config_gcc_plugin_stackleak'
+ - '!audit_rules_privileged_commands_insmod'
+ - '!chronyd_configure_pool_and_server'
+ - '!accounts_passwords_pam_tally2'
+ - '!cracklib_accounts_password_pam_ucredit'
+ - '!kernel_config_legacy_vsyscall_xonly'
+ - '!kernel_config_gcc_plugin_randstruct'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!cracklib_accounts_password_pam_minlen'
+ - '!sysctl_fs_protected_fifos'
+ - '!cracklib_accounts_password_pam_dcredit'
+ - '!grub2_page_alloc_shuffle_argument'
+ - '!ensure_oracle_gpgkey_installed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/anssi_bp28_intermediary.profile b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..f99e4622a
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,37 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
2022-06-29 08:41:07 +00:00
+metadata:
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - marcusburghardt
2022-06-29 08:41:07 +00:00
+ - yuumasato
+
2021-11-17 13:33:00 +00:00
+title: 'ANSSI-BP-028 (intermediary)'
+
+description: |-
2023-10-30 15:13:07 +00:00
+ This profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level.
2021-11-17 13:33:00 +00:00
+
+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
2024-03-04 15:52:37 +00:00
+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
+
2021-11-17 13:33:00 +00:00
+selections:
+ - anssi:all:intermediary
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!cracklib_accounts_password_pam_minlen'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!grub2_mds_argument'
+ - '!sysctl_fs_protected_fifos'
+ - '!accounts_passwords_pam_tally2'
+ - '!cracklib_accounts_password_pam_ucredit'
+ - '!cracklib_accounts_password_pam_dcredit'
+ - '!cracklib_accounts_password_pam_lcredit'
+ - '!sysctl_fs_protected_regular'
+ - '!cracklib_accounts_password_pam_ocredit'
+ - '!grub2_page_alloc_shuffle_argument'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!ensure_oracle_gpgkey_installed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/anssi_bp28_minimal.profile b/products/almalinux8/profiles/anssi_bp28_minimal.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..aa606b38b
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_minimal.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,33 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
2022-06-29 08:41:07 +00:00
+metadata:
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - marcusburghardt
2022-06-29 08:41:07 +00:00
+ - yuumasato
+
2021-11-17 13:33:00 +00:00
+title: 'ANSSI-BP-028 (minimal)'
+
+description: |-
2023-10-30 15:13:07 +00:00
+ This profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level.
2021-11-17 13:33:00 +00:00
+
+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
2024-03-04 15:52:37 +00:00
+ An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
+ https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
+
2021-11-17 13:33:00 +00:00
+selections:
+ - anssi:all:minimal
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!cracklib_accounts_password_pam_minlen'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2'
+ - '!cracklib_accounts_password_pam_ucredit'
+ - '!cracklib_accounts_password_pam_dcredit'
+ - '!cracklib_accounts_password_pam_lcredit'
+ - '!cracklib_accounts_password_pam_ocredit'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!ensure_oracle_gpgkey_installed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/cis.profile b/products/almalinux8/profiles/cis.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..c52f6b4c4
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cis.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,26 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: 3.0.0
2021-11-17 13:33:00 +00:00
+ SMEs:
2023-02-21 13:38:18 +00:00
+ - marcusburghardt
2021-11-17 13:33:00 +00:00
+ - vojtapolasek
+ - yuumasato
+
2022-06-29 08:41:07 +00:00
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
2021-11-17 13:33:00 +00:00
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Server'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 2 - Server"
2024-03-04 15:52:37 +00:00
+ configuration from the Center for Internet Security®
2023-02-21 13:38:18 +00:00
+ AlmaLinux OS 8 Benchmark™, v2.0.0, released 05-31-2022.
2021-11-17 13:33:00 +00:00
+
+ This profile includes Center for Internet Security®
+ AlmaLinux OS 8 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel8:all:l2_server
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!file_owner_at_allow'
+ - '!package_dnsmasq_removed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/cis_server_l1.profile b/products/almalinux8/profiles/cis_server_l1.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..19b6dfc97
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cis_server_l1.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,26 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: 3.0.0
2021-11-17 13:33:00 +00:00
+ SMEs:
2023-02-21 13:38:18 +00:00
+ - marcusburghardt
2021-11-17 13:33:00 +00:00
+ - vojtapolasek
+ - yuumasato
+
2022-06-29 08:41:07 +00:00
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
2021-11-17 13:33:00 +00:00
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Server'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 1 - Server"
2024-03-04 15:52:37 +00:00
+ configuration from the Center for Internet Security®
2023-02-21 13:38:18 +00:00
+ AlmaLinux OS 8 Benchmark™, v2.0.0, released 05-31-2022.
2021-11-17 13:33:00 +00:00
+
+ This profile includes Center for Internet Security®
+ AlmaLinux OS 8 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel8:all:l1_server
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!file_owner_at_allow'
+ - '!package_dnsmasq_removed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/cis_workstation_l1.profile b/products/almalinux8/profiles/cis_workstation_l1.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..a36fed734
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cis_workstation_l1.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,26 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: 3.0.0
2021-11-17 13:33:00 +00:00
+ SMEs:
2023-02-21 13:38:18 +00:00
+ - marcusburghardt
2021-11-17 13:33:00 +00:00
+ - vojtapolasek
+ - yuumasato
+
2022-06-29 08:41:07 +00:00
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
2021-11-17 13:33:00 +00:00
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Workstation'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 1 - Workstation"
2024-03-04 15:52:37 +00:00
+ configuration from the Center for Internet Security®
2023-02-21 13:38:18 +00:00
+ AlmaLinux OS 8 Benchmark™, v2.0.0, released 05-31-2022.
2021-11-17 13:33:00 +00:00
+
+ This profile includes Center for Internet Security®
+ AlmaLinux OS 8 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel8:all:l1_workstation
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!file_owner_at_allow'
+ - '!package_dnsmasq_removed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/cis_workstation_l2.profile b/products/almalinux8/profiles/cis_workstation_l2.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..f5e158ff0
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cis_workstation_l2.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,26 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: 3.0.0
2021-11-17 13:33:00 +00:00
+ SMEs:
2023-02-21 13:38:18 +00:00
+ - marcusburghardt
2021-11-17 13:33:00 +00:00
+ - vojtapolasek
+ - yuumasato
+
2022-06-29 08:41:07 +00:00
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
2021-11-17 13:33:00 +00:00
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Workstation'
+
+description: |-
+ This profile defines a baseline that aligns to the "Level 2 - Workstation"
2024-03-04 15:52:37 +00:00
+ configuration from the Center for Internet Security®
2023-02-21 13:38:18 +00:00
+ AlmaLinux OS 8 Benchmark™, v2.0.0, released 05-31-2022.
2021-11-17 13:33:00 +00:00
+
+ This profile includes Center for Internet Security®
+ AlmaLinux OS 8 CIS Benchmarks™ content.
+
+selections:
+ - cis_rhel8:all:l2_workstation
2024-03-04 15:52:37 +00:00
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!file_owner_at_allow'
+ - '!package_dnsmasq_removed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/cjis.profile b/products/almalinux8/profiles/cjis.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..e4202eccc
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cjis.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,145 @@
+documentation_complete: true
+
+hidden: true
2021-11-17 13:33:00 +00:00
+
+metadata:
+ version: 5.4
+ SMEs:
2022-06-29 08:41:07 +00:00
+ - ggbecker
2021-11-17 13:33:00 +00:00
+
+reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
+
+title: 'Criminal Justice Information Services (CJIS) Security Policy'
+
+description: |-
+ This profile is derived from FBI's CJIS v5.4
+ Security Policy. A copy of this policy can be found at the CJIS Security
+ Policy Resource Center:
+
+ https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
+
+selections:
+ - service_auditd_enabled
+ - grub2_audit_argument
+ - auditd_data_retention_num_logs
+ - auditd_data_retention_max_log_file
+ - auditd_data_retention_max_log_file_action
+ - auditd_data_retention_space_left_action
+ - auditd_data_retention_admin_space_left_action
+ - auditd_data_retention_action_mail_acct
+ - auditd_audispd_syslog_plugin_activated
+ - audit_rules_time_adjtimex
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_clock_settime
+ - audit_rules_time_watch_localtime
+ - audit_rules_usergroup_modification
+ - audit_rules_networkconfig_modification
+ - file_permissions_var_log_audit
+ - file_ownership_var_log_audit
+ - audit_rules_mac_modification
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ - audit_rules_login_events
+ - audit_rules_session_events
+ - audit_rules_unsuccessful_file_modification
+ - audit_rules_privileged_commands
+ - audit_rules_media_export
+ - audit_rules_file_deletion_events
+ - audit_rules_sysadmin_actions
+ - audit_rules_kernel_module_loading
+ - audit_rules_immutable
+ - account_unique_name
+ - gid_passwd_group_same
+ - accounts_password_all_shadowed
+ - no_empty_passwords
+ - display_login_attempts
+ - var_accounts_maximum_age_login_defs=90
+ - var_password_pam_unix_remember=10
+ - var_account_disable_post_pw_expiration=0
+ - var_password_pam_minlen=12
+ - var_accounts_minimum_age_login_defs=1
+ - var_password_pam_difok=6
+ - var_accounts_max_concurrent_login_sessions=3
+ - account_disable_post_pw_expiration
+ - accounts_password_pam_minlen
+ - accounts_minimum_age_login_defs
+ - accounts_password_pam_difok
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - accounts_max_concurrent_login_sessions
+ - set_password_hashing_algorithm_systemauth
2022-06-29 08:41:07 +00:00
+ - set_password_hashing_algorithm_passwordauth
2021-11-17 13:33:00 +00:00
+ - set_password_hashing_algorithm_logindefs
+ - set_password_hashing_algorithm_libuserconf
+ - file_owner_etc_shadow
+ - file_groupowner_etc_shadow
+ - file_permissions_etc_shadow
+ - file_owner_etc_group
+ - file_groupowner_etc_group
+ - file_permissions_etc_group
+ - file_owner_etc_passwd
+ - file_groupowner_etc_passwd
+ - file_permissions_etc_passwd
+ - file_owner_grub2_cfg
+ - file_groupowner_grub2_cfg
+ - var_password_pam_retry=5
+ - var_accounts_passwords_pam_faillock_deny=5
+ - var_accounts_passwords_pam_faillock_unlock_time=600
+ - dconf_db_up_to_date
+ - dconf_gnome_screensaver_idle_delay
2023-02-21 13:38:18 +00:00
+ - dconf_gnome_session_idle_user_locks
2021-11-17 13:33:00 +00:00
+ - dconf_gnome_screensaver_idle_activation_enabled
+ - dconf_gnome_screensaver_lock_enabled
+ - dconf_gnome_screensaver_mode_blank
+ - sshd_allow_only_protocol2
+ - sshd_set_idle_timeout
+ - var_sshd_set_keepalive=0
+ - sshd_set_keepalive_0
+ - disable_host_auth
+ - sshd_disable_root_login
+ - sshd_disable_empty_passwords
+ - sshd_enable_warning_banner
+ - sshd_do_not_permit_user_env
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+ - kernel_module_dccp_disabled
+ - kernel_module_sctp_disabled
+ - service_firewalld_enabled
+ - set_firewalld_default_zone
+ - firewalld_sshd_port_enabled
+ - sshd_idle_timeout_value=30_minutes
+ - inactivity_timeout_value=30_minutes
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ - sysctl_net_ipv4_tcp_syncookies
+ - sysctl_net_ipv4_conf_all_send_redirects
+ - sysctl_net_ipv4_conf_default_send_redirects
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+ - var_password_pam_ocredit=1
+ - var_password_pam_dcredit=1
+ - var_password_pam_ucredit=1
+ - var_password_pam_lcredit=1
+ - package_aide_installed
+ - aide_build_database
+ - aide_periodic_cron_checking
+ - rpm_verify_permissions
+ - rpm_verify_hashes
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_never_disabled
+ - security_patches_up_to_date
+ - kernel_module_bluetooth_disabled
diff --git a/products/almalinux8/profiles/cui.profile b/products/almalinux8/profiles/cui.profile
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..216999b09
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/cui.profile
@@ -0,0 +1,32 @@
+documentation_complete: true
+
+metadata:
+ version: TBD
+ SMEs:
2022-06-29 08:41:07 +00:00
+ - ggbecker
2021-11-17 13:33:00 +00:00
+
+title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)'
+
+description: |-
+ From NIST 800-171, Section 2.2:
+ Security requirements for protecting the confidentiality of CUI in nonfederal
+ information systems and organizations have a well-defined structure that
+ consists of:
+
+ (i) a basic security requirements section;
+ (ii) a derived security requirements section.
+
+ The basic security requirements are obtained from FIPS Publication 200, which
+ provides the high-level and fundamental security requirements for federal
+ information and information systems. The derived security requirements, which
+ supplement the basic security requirements, are taken from the security controls
+ in NIST Special Publication 800-53.
+
2023-02-21 13:38:18 +00:00
+ This profile configures AlmaLinux 8 to the NIST Special
2021-11-17 13:33:00 +00:00
+ Publication 800-53 controls identified for securing Controlled Unclassified
+ Information (CUI)."
+
+extends: ospp
+
+selections:
+ - inactivity_timeout_value=10_minutes
2024-03-04 15:52:37 +00:00
diff --git a/products/almalinux8/profiles/default.profile b/products/almalinux8/profiles/default.profile
new file mode 100644
index 000000000..127bef3cc
--- /dev/null
+++ b/products/almalinux8/profiles/default.profile
@@ -0,0 +1,711 @@
+documentation_complete: true
+
+hidden: true
+
+title: Default Profile for Red Hat Enterprise Linux 8
+
+description: |-
+ This profile contains all the rules that once belonged to the
+ rhel8 product via 'prodtype'. This profile won't
+ be rendered into an XCCDF Profile entity, nor it will select any
+ of these rules by default. The only purpose of this profile
+ is to keep a rule in the product's XCCDF Benchmark.
+
+selections:
+ - sebool_nfsd_anon_write
+ - sebool_squid_connect_any
+ - sebool_polipo_connect_all_unreserved
+ - audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write
+ - mount_option_var_tmp_bind
+ - sebool_selinuxuser_use_ssh_chroot
+ - sebool_condor_tcp_network_connect
+ - aide_use_fips_hashes
+ - sebool_xserver_object_manager
+ - mount_option_home_grpquota
+ - sebool_mpd_enable_homedirs
+ - auditd_data_retention_max_log_file_action_stig
+ - sebool_logadm_exec_content
+ - install_mcafee_antivirus
+ - httpd_configure_documentroot
+ - auditd_audispd_encrypt_sent_records
+ - audit_rules_unsuccessful_file_modification_openat_rule_order
+ - sebool_logwatch_can_network_connect_mail
+ - sebool_mpd_use_nfs
+ - sebool_virt_use_sanlock
+ - disable_anacron
+ - kernel_module_vfat_disabled
+ - sebool_xguest_use_bluetooth
+ - sebool_puppetagent_manage_all_files
+ - sebool_staff_use_svirt
+ - audit_rules_successful_file_modification_lsetxattr
+ - sebool_daemons_enable_cluster_mode
+ - package_samba-common_installed
+ - sebool_httpd_enable_cgi
+ - harden_openssl_crypto_policy
+ - dir_perms_world_writable_system_owned
+ - xwindows_remove_packages
+ - package_iptables-services_removed
+ - sebool_httpd_can_network_memcache
+ - sebool_git_system_use_nfs
+ - sudoers_no_root_target
+ - enable_ldap_client
+ - sebool_httpd_can_connect_zabbix
+ - sebool_samba_portmapper
+ - audit_rules_etc_shadow_open
+ - sebool_httpd_graceful_shutdown
+ - httpd_limit_java_files
+ - sebool_ftpd_use_fusefs
+ - service_cups_disabled
+ - sebool_selinuxuser_ping
+ - package_pigz_removed
+ - sebool_unconfined_chrome_sandbox_transition
+ - avahi_prevent_port_sharing
+ - package_ntpdate_removed
+ - sebool_gitosis_can_sendmail
+ - set_loopback_traffic
+ - ntpd_specify_multiple_servers
+ - firewalld_sshd_disabled
+ - audit_rules_unsuccessful_file_modification_renameat
+ - sebool_pcp_read_generic_logs
+ - package_abrt-plugin-rhtsupport_removed
+ - sebool_httpd_run_ipa
+ - sebool_selinuxuser_share_music
+ - file_groupowner_var_log_syslog
+ - httpd_configure_perl_taint
+ - service_netfs_disabled
+ - sebool_dbadm_manage_user_files
+ - sebool_smbd_anon_write
+ - auditd_audispd_configure_remote_server
+ - service_ypserv_disabled
+ - sebool_nagios_run_sudo
+ - sebool_dbadm_exec_content
+ - package_ntp_installed
+ - package_cron_installed
+ - sebool_abrt_anon_write
+ - dconf_gnome_screensaver_idle_activation_locked
+ - audit_rules_successful_file_modification_unlinkat
+ - httpd_entrust_passwords
+ - httpd_proxy_support
+ - package_audit-audispd-plugins_installed
+ - sebool_xserver_clients_write_xshm
+ - service_rpcidmapd_disabled
+ - sebool_xdm_exec_bootloader
+ - sebool_httpd_serve_cobbler_files
+ - httpd_configure_log_format
+ - sebool_use_ecryptfs_home_dirs
+ - sebool_container_connect_any
+ - sebool_sge_domain_can_network_connect
+ - sebool_staff_exec_content
+ - file_permissions_home_dirs
+ - audit_rules_privileged_commands_newgidmap
+ - sebool_ssh_chroot_rw_homedirs
+ - sebool_virt_use_xserver
+ - no_netrc_files
+ - sebool_mozilla_plugin_use_spice
+ - package_libcap-ng-utils_installed
+ - sebool_abrt_handle_event
+ - sebool_tmpreaper_use_nfs
+ - sebool_httpd_can_connect_ldap
+ - ftp_restrict_to_anon
+ - sebool_mmap_low_allowed
+ - sebool_glance_use_fusefs
+ - sebool_httpd_dontaudit_search_dirs
+ - sebool_named_tcp_bind_http_port
+ - auditd_audispd_network_failure_action
+ - sebool_wine_mmap_zero_ignore
+ - sebool_cluster_use_execmem
+ - audit_rules_privileged_commands_usernetctl
+ - dconf_gnome_disable_user_admin
+ - sebool_ftpd_use_nfs
+ - sebool_httpd_use_fusefs
+ - service_iptables_enabled
+ - sebool_tor_bind_all_unreserved_ports
+ - httpd_configure_banner_page
+ - httpd_install_mod_ssl
+ - sebool_httpd_use_openstack
+ - sebool_icecast_use_any_tcp_ports
+ - sebool_virt_sandbox_use_all_caps
+ - audit_rules_unsuccessful_file_modification_rename
+ - package_binutils_installed
+ - sebool_openshift_use_nfs
+ - sebool_mailman_use_fusefs
+ - sebool_nfs_export_all_rw
+ - service_sysstat_disabled
+ - sebool_httpd_dbus_avahi
+ - dir_perms_etc_httpd_conf
+ - logwatch_configured_splithosts
+ - mount_option_smb_client_signing
+ - grub2_no_removeable_media
+ - audit_rules_successful_file_modification_open_o_trunc_write
+ - httpd_no_compilers_in_prod
+ - sebool_mplayer_execstack
+ - sebool_virt_sandbox_use_mknod
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
+ - sebool_fcron_crond
+ - sebool_httpd_read_user_content
+ - sebool_samba_domain_controller
+ - service_sshd_disabled
+ - sebool_cobbler_anon_write
+ - audit_rules_successful_file_modification_openat_o_trunc_write
+ - audit_rules_successful_file_modification_removexattr
+ - sebool_xdm_write_home
+ - sebool_httpd_mod_auth_pam
+ - audit_rules_successful_file_modification_fchownat
+ - service_httpd_disabled
+ - sebool_pppd_for_user
+ - sebool_rsync_export_all_ro
+ - audit_rules_successful_file_modification_open_o_creat
+ - install_hids
+ - sebool_authlogin_radius
+ - httpd_configure_remote_session_encryption
+ - sebool_swift_can_network
+ - dhcp_server_disable_ddns
+ - sudo_restrict_others_executable_permission
+ - sshd_disable_pubkey_auth
+ - sebool_tor_can_network_relay
+ - postfix_server_banner
+ - sebool_virt_use_samba
+ - nfs_fixed_statd_port
+ - audit_privileged_commands_reboot
+ - sysctl_kernel_core_uses_pid
+ - install_mcafee_hbss_pa
+ - sebool_spamassassin_can_network
+ - package_syslogng_installed
+ - sebool_selinuxuser_postgresql_connect_enabled
+ - sebool_virt_sandbox_use_sys_admin
+ - httpd_ldap_support
+ - network_disable_zeroconf
+ - sebool_irssi_use_full_network
+ - sebool_sysadm_exec_content
+ - sebool_polipo_use_cifs
+ - sebool_samba_load_libgfapi
+ - package_rpcbind_removed
+ - sebool_samba_run_unconfined
+ - sebool_webadm_manage_user_files
+ - cups_disable_browsing
+ - service_certmonger_disabled
+ - sebool_zoneminder_run_sudo
+ - sebool_ftpd_anon_write
+ - sebool_rsync_anon_write
+ - install_mcafee_hbss_accm
+ - mount_option_proc_hidepid
+ - sebool_nfs_export_all_ro
+ - audit_rules_unsuccessful_file_modification_chown
+ - sebool_selinuxuser_udp_server
+ - sebool_cups_execmem
+ - httpd_enable_loglevel
+ - network_ipv6_disable_rpc
+ - sebool_httpd_execmem
+ - sebool_httpd_sys_script_anon_write
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
+ - sebool_ftpd_use_cifs
+ - audit_rules_etc_shadow_open_by_handle_at
+ - sebool_mysql_connect_any
+ - audit_rules_privileged_commands_pt_chown
+ - sebool_httpd_can_sendmail
+ - sebool_prosody_bind_http_port
+ - sebool_httpd_use_sasl
+ - sssd_memcache_timeout
+ - configure_opensc_card_drivers
+ - sebool_tftp_home_dir
+ - sebool_gssd_read_tmp
+ - sebool_squid_use_tproxy
+ - sebool_httpd_ssi_exec
+ - sebool_use_lpd_server
+ - httpd_restrict_root_directory
+ - audit_rules_successful_file_modification_open_by_handle_at_o_creat
+ - grub2_nousb_argument
+ - sebool_unconfined_login
+ - account_use_centralized_automated_auth
+ - httpd_configure_valid_server_cert
+ - sebool_xdm_bind_vnc_tcp_port
+ - sebool_deny_ptrace
+ - sebool_postgresql_selinux_transmit_client_label
+ - sysctl_net_ipv6_conf_all_disable_ipv6
+ - sebool_smartmon_3ware
+ - dconf_gnome_login_retries
+ - dhcp_server_configure_logging
+ - audit_rules_unsuccessful_file_modification_setxattr
+ - sudo_vdsm_nopasswd
+ - sebool_global_ssp
+ - package_iptables-services_installed
+ - service_smb_disabled
+ - sebool_virt_rw_qemu_ga_data
+ - sebool_selinuxuser_tcp_server
+ - package_inetutils-telnetd_removed
+ - audit_rules_successful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_fchmod
+ - service_ntpd_enabled
+ - file_permissions_httpd_server_conf_files
+ - sebool_httpd_use_gpg
+ - sysconfig_networking_bootproto_ifcfg
+ - sebool_spamd_enable_home_dirs
+ - package_openldap-servers_removed
+ - avahi_disable_publishing
+ - audit_rules_successful_file_modification_fchmod
+ - dns_server_disable_dynamic_updates
+ - sebool_fenced_can_network_connect
+ - sebool_virt_use_nfs
+ - sebool_lsmd_plugin_connect_any
+ - account_passwords_pam_faillock_dir
+ - package_iptables_installed
+ - httpd_configure_script_permissions
+ - sebool_authlogin_yubikey
+ - sebool_authlogin_nsswitch_use_ldap
+ - dconf_gnome_disable_geolocation
+ - sebool_httpd_run_preupgrade
+ - sebool_httpd_use_cifs
+ - sebool_telepathy_tcp_connect_generic_network_ports
+ - httpd_cache_support
+ - dir_perms_var_log_httpd
+ - nfs_fixed_lockd_udp_port
+ - sebool_entropyd_use_audio
+ - accounts_users_home_files_ownership
+ - sebool_httpd_enable_ftp_server
+ - sebool_postgresql_selinux_users_ddl
+ - http_configure_log_file_ownership
+ - xwindows_runlevel_target
+ - package_talk-server_removed
+ - kernel_module_ipv6_option_disabled
+ - sebool_cobbler_use_nfs
+ - sebool_mozilla_plugin_can_network_connect
+ - httpd_restrict_web_directory
+ - sebool_ftpd_full_access
+ - sebool_mcelog_foreground
+ - sebool_xguest_exec_content
+ - sebool_daemons_dump_core
+ - audit_rules_successful_file_modification_renameat
+ - uefi_no_removeable_media
+ - kernel_module_cfg80211_disabled
+ - sebool_git_cgi_use_cifs
+ - sebool_virt_sandbox_use_netlink
+ - enable_dconf_user_profile
+ - service_dhcpd_disabled
+ - smb_server_disable_root
+ - service_nfslock_disabled
+ - auditd_data_retention_admin_space_left_percentage
+ - sebool_openvpn_run_unconfined
+ - package_sssd_installed
+ - sebool_gluster_anon_write
+ - audit_rules_successful_file_modification_open
+ - sebool_secure_mode_insmod
+ - sebool_nscd_use_shm
+ - sebool_ksmtuned_use_cifs
+ - sebool_nagios_run_pnp4nagios
+ - sebool_selinuxuser_direct_dri_enabled
+ - sebool_haproxy_connect_any
+ - audit_rules_etc_shadow_openat
+ - dns_server_authenticate_zone_transfers
+ - sebool_pppd_can_insmod
+ - sebool_glance_api_can_network
+ - httpd_serversignature_off
+ - accounts_passwords_pam_faillock_enforce_local
+ - sebool_mozilla_plugin_use_bluejeans
+ - sebool_mozilla_read_content
+ - restrict_nfs_clients_to_privileged_ports
+ - sebool_virt_use_usb
+ - sebool_virt_use_execmem
+ - install_antivirus
+ - sebool_virt_read_qemu_ga_data
+ - service_vsftpd_disabled
+ - sebool_user_exec_content
+ - sebool_gluster_export_all_ro
+ - sebool_mcelog_server
+ - package_nss-tools_installed
+ - sebool_mount_anyfile
+ - sebool_sge_use_nfs
+ - service_saslauthd_disabled
+ - sebool_daemons_use_tty
+ - sebool_mcelog_client
+ - sebool_rsync_client
+ - sebool_privoxy_connect_any
+ - postfix_client_configure_relayhost
+ - audit_privileged_commands_init
+ - sebool_httpd_builtin_scripting
+ - iptables_sshd_disabled
+ - grub2_ipv6_disable_argument
+ - etc_system_fips_exists
+ - dconf_gnome_disable_thumbnailers
+ - sebool_varnishd_connect_any
+ - ensure_gpgcheck_repo_metadata
+ - audit_rules_for_ospp
+ - package_rsh_removed
+ - network_ipv6_privacy_extensions
+ - dconf_gnome_enable_smartcard_auth
+ - httpd_servertokens_prod
+ - service_postfix_enabled
+ - package_openssh-server_removed
+ - timer_logrotate_enabled
+ - httpd_limit_available_methods
+ - sebool_httpd_can_connect_mythtv
+ - audit_rules_successful_file_modification_lchown
+ - sebool_tftp_anon_write
+ - dhcp_server_deny_decline
+ - sebool_cobbler_can_network_connect
+ - sebool_samba_export_all_ro
+ - service_cron_enabled
+ - httpd_webdav
+ - service_rhnsd_disabled
+ - httpd_configure_max_keepalive_requests
+ - audit_rules_successful_file_modification_unlink
+ - wireless_disable_in_bios
+ - no_all_squash_exports
+ - sebool_use_samba_home_dirs
+ - audit_rules_etc_gshadow_openat
+ - service_ufw_enabled
+ - package_psacct_installed
+ - network_disable_ddns_interfaces
+ - nfs_no_anonymous
+ - dir_permissions_binary_dirs
+ - sebool_xend_run_blktap
+ - dconf_gnome_disable_wifi_notification
+ - package_nis_removed
+ - httpd_server_side_includes
+ - audit_rules_etc_passwd_open
+ - dhcp_client_restrict_options
+ - sebool_openvpn_can_network_connect
+ - httpd_server_configuration_display
+ - account_emergency_expire_date
+ - sebool_unconfined_mozilla_plugin_transition
+ - audit_rules_unsuccessful_file_modification_lremovexattr
+ - file_permissions_var_log_syslog
+ - sebool_git_cgi_enable_homedirs
+ - dovecot_configure_ssl_cert
+ - audit_rules_etc_passwd_open_by_handle_at
+ - audit_rules_privileged_commands_at
+ - sebool_virt_use_fusefs
+ - avahi_ip_only
+ - kernel_module_iwlmvm_disabled
+ - service_ntp_enabled
+ - file_owner_var_log_syslog
+ - service_ip6tables_enabled
+ - sebool_logging_syslogd_run_nagios_plugins
+ - sebool_mozilla_plugin_use_gps
+ - service_slapd_disabled
+ - partition_for_web_content
+ - audit_rules_unsuccessful_file_modification_open_o_trunc_write
+ - package_tar_installed
+ - httpd_private_server_on_separate_subnet
+ - use_root_squashing_all_exports
+ - sebool_ftpd_connect_all_unreserved
+ - configure_user_data_backups
+ - dir_ownership_binary_dirs
+ - nfs_fixed_lockd_tcp_port
+ - sebool_mcelog_exec_scripts
+ - httpd_configure_tls
+ - sysctl_net_ipv4_tcp_invalid_ratelimit
+ - sebool_xserver_execmem
+ - snmpd_not_default_password
+ - service_nftables_enabled
+ - sysctl_net_ipv6_conf_default_disable_ipv6
+ - sebool_cron_userdomain_transition
+ - sebool_collectd_tcp_network_connect
+ - sebool_httpd_enable_homedirs
+ - sebool_httpd_unified
+ - service_ypbind_disabled
+ - selinux_all_devicefiles_labeled
+ - audit_rules_privileged_commands_newuidmap
+ - ldap_client_tls_cacertpath
+ - sebool_zabbix_can_network
+ - audit_rules_unsuccessful_file_modification_chmod
+ - sebool_gpg_web_anon_write
+ - fapolicyd_prevent_home_folder_access
+ - no_legacy_plus_entries_etc_passwd
+ - sebool_sanlock_use_nfs
+ - httpd_restrict_critical_directories
+ - ldap_client_start_tls
+ - sebool_racoon_read_shadow
+ - audit_rules_successful_file_modification_fsetxattr
+ - sssd_enable_pam_services
+ - service_sssd_enabled
+ - service_psacct_enabled
+ - audit_rules_successful_file_modification_fremovexattr
+ - httpd_remove_backups
+ - service_netconsole_disabled
+ - file_permissions_httpd_server_conf_d_files
+ - audit_rules_successful_file_modification_rename
+ - sebool_guest_exec_content
+ - sebool_selinuxuser_mysql_connect_enabled
+ - sebool_antivirus_use_jit
+ - sebool_ksmtuned_use_nfs
+ - audit_rules_successful_file_modification_setxattr
+ - sssd_ldap_configure_tls_ca
+ - grub2_systemd_debug-shell_argument_absent
+ - sebool_polipo_session_bind_all_unreserved_ports
+ - sebool_secure_mode_policyload
+ - sebool_webadm_read_user_files
+ - auditd_data_disk_full_action_stig
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
+ - audit_rules_unsuccessful_file_modification_fsetxattr
+ - avahi_restrict_published_information
+ - sebool_git_session_users
+ - sebool_exim_manage_user_files
+ - sshd_enable_gssapi_auth
+ - httpd_digest_authentication
+ - sebool_minidlna_read_generic_user_content
+ - audit_rules_etc_group_openat
+ - umask_for_daemons
+ - sebool_httpd_can_network_connect_cobbler
+ - service_mdmonitor_disabled
+ - audit_rules_unsuccessful_file_modification_fchownat
+ - sebool_openvpn_enable_homedirs
+ - zipl_enable_selinux
+ - bios_disable_usb_boot
+ - file_permissions_systemmap
+ - audit_rules_unsuccessful_file_modification_open_o_creat
+ - kernel_config_ipv6
+ - service_rpcgssd_disabled
+ - audit_rules_successful_file_modification_chown
+ - audit_rules_successful_file_modification_fchmodat
+ - sebool_dhcpc_exec_iptables
+ - httpd_public_resources_not_shared
+ - audit_rules_unsuccessful_file_modification_removexattr
+ - sebool_telepathy_connect_all_ports
+ - httpd_enable_error_logging
+ - httpd_disable_mime_types
+ - sebool_postgresql_can_rsync
+ - audit_rules_unsuccessful_file_modification_openat_o_trunc_write
+ - httpd_install_mod_security
+ - package_telnetd_removed
+ - sebool_httpd_setrlimit
+ - service_dovecot_disabled
+ - service_cockpit_disabled
+ - no_legacy_plus_entries_etc_group
+ - mount_option_boot_noauto
+ - nfs_fixed_mountd_port
+ - sebool_git_cgi_use_nfs
+ - httpd_remove_robots_file
+ - sebool_git_system_use_cifs
+ - sebool_httpd_use_nfs
+ - sshd_enable_pubkey_auth
+ - audit_rules_unsuccessful_file_modification_lchown
+ - dconf_gnome_disable_wifi_create
+ - audit_rules_successful_file_modification_fchown
+ - sssd_ldap_configure_tls_ca_dir
+ - sebool_git_system_enable_homedirs
+ - sebool_httpd_can_check_spam
+ - package_pcsc-lite_installed
+ - sebool_mpd_use_cifs
+ - sebool_xen_use_nfs
+ - zipl_systemd_debug-shell_argument_absent
+ - sebool_samba_enable_home_dirs
+ - service_named_disabled
+ - service_syslogng_enabled
+ - sebool_sanlock_use_fusefs
+ - account_passwords_pam_faillock_audit
+ - sebool_ssh_keysign
+ - httpd_require_client_certs
+ - sebool_zebra_write_config
+ - sebool_kerberos_enabled
+ - httpd_disable_content_symlinks
+ - package_sssd-ipa_installed
+ - sebool_irc_use_any_tcp_ports
+ - audit_rules_etc_gshadow_open_by_handle_at
+ - sebool_samba_export_all_rw
+ - httpd_anonymous_content_sharing
+ - audit_rules_successful_file_modification_truncate
+ - dhcp_server_minimize_served_info
+ - file_permissions_httpd_server_modules_files
+ - httpd_mime_magic
+ - audit_rules_successful_file_modification_open_by_handle_at
+ - sebool_tmpreaper_use_samba
+ - sebool_xdm_sysadm_login
+ - sebool_samba_create_home_dirs
+ - sebool_login_console_enabled
+ - sebool_secadm_exec_content
+ - httpd_configure_firewall
+ - sssd_ldap_configure_tls_reqcert
+ - audit_rules_successful_file_modification_chmod
+ - sebool_nis_enabled
+ - ftp_log_transactions
+ - sebool_cvs_read_shadow
+ - audit_rules_unsuccessful_file_modification_lsetxattr
+ - sebool_xend_run_qemu
+ - auditd_data_disk_error_action_stig
+ - sebool_virt_use_comm
+ - installed_OS_is_FIPS_certified
+ - mcafee_antivirus_definitions_updated
+ - network_ipv6_default_gateway
+ - sebool_httpd_can_network_connect
+ - sebool_virt_sandbox_use_audit
+ - sshd_disable_root_password_login
+ - set_firewalld_appropriate_zone
+ - harden_sshd_crypto_policy
+ - package_telnetd-ssl_removed
+ - network_ipv6_disable_interfaces
+ - package_vsftpd_installed
+ - sebool_puppetmaster_use_db
+ - audit_rules_successful_file_modification_ftruncate
+ - logwatch_configured_hostlimit
+ - dns_server_disable_zone_transfers
+ - no_insecure_locks_exports
+ - dconf_gnome_disable_power_settings
+ - package_abrt-plugin-logger_removed
+ - sebool_mozilla_plugin_bind_unreserved_ports
+ - package_MFEhiplsm_installed
+ - sebool_fenced_can_ssh
+ - sebool_glance_use_execmem
+ - audit_rules_etc_passwd_openat
+ - sebool_rsync_full_access
+ - httpd_server_activity_status
+ - snmpd_no_rwusers
+ - httpd_ignore_htaccess_files
+ - service_pcscd_enabled
+ - mount_option_home_usrquota
+ - sebool_logging_syslogd_can_sendmail
+ - service_quota_nld_disabled
+ - sebool_ftpd_use_passive_mode
+ - sebool_cluster_can_network_connect
+ - sebool_cdrecord_read_content
+ - sebool_antivirus_can_scan_system
+ - rsyslog_logging_configured
+ - sebool_httpd_manage_ipa
+ - audit_rules_dac_modification_umount
+ - sebool_samba_share_nfs
+ - sebool_domain_kernel_load_modules
+ - package_389-ds-base_removed
+ - mount_option_krb_sec_remote_filesystems
+ - sebool_logging_syslogd_use_tty
+ - audit_rules_etc_group_open
+ - ftp_disable_uploads
+ - sebool_secure_mode
+ - set_iptables_default_rule_forward
+ - httpd_enable_log_config
+ - service_rsh_disabled
+ - zipl_vsyscall_argument
+ - audit_rules_unsuccessful_file_modification_openat_o_creat
+ - dovecot_enable_ssl
+ - sebool_awstats_purge_apache_log_files
+ - ftp_home_partition
+ - httpd_url_correction
+ - sebool_httpd_tmp_exec
+ - sebool_sanlock_use_samba
+ - audit_privileged_commands_poweroff
+ - force_opensc_card_drivers
+ - audit_rules_successful_file_modification_creat
+ - sebool_domain_fd_use
+ - package_avahi-autoipd_removed
+ - sebool_httpd_can_connect_ftp
+ - sebool_httpd_anon_write
+ - root_path_default
+ - sebool_dhcpd_use_ldap
+ - httpd_antivirus_scan_uploads
+ - coreos_enable_selinux_kernel_argument
+ - sebool_postgresql_selinux_unconfined_dbadm
+ - kernel_disable_entropy_contribution_for_solid_state_drives
+ - sebool_use_fusefs_home_dirs
+ - sebool_abrt_upload_watch_anon_write
+ - dconf_gnome_disable_restart_shutdown
+ - audit_rules_successful_file_modification_lremovexattr
+ - sebool_virt_transition_userdomain
+ - sshd_use_priv_separation
+ - sudo_add_passwd_timeout
+ - package_freeradius_removed
+ - avahi_check_ttl
+ - audit_privileged_commands_shutdown
+ - service_tftp_disabled
+ - sebool_httpd_tty_comm
+ - sebool_dbadm_read_user_files
+ - service_rpcsvcgssd_disabled
+ - audit_rules_unsuccessful_file_modification_unlink
+ - auditd_audispd_disk_full_action
+ - httpd_enable_system_logging
+ - httpd_encrypt_file_uploads
+ - sssd_ssh_known_hosts_timeout
+ - sebool_exim_read_user_files
+ - ftp_limit_users
+ - sebool_zarafa_setrlimit
+ - kernel_module_mac80211_disabled
+ - sebool_kdumpgui_run_bootloader
+ - service_portreserve_disabled
+ - chronyd_or_ntpd_specify_remote_server
+ - rsyslog_accept_remote_messages_tcp
+ - sebool_httpd_verify_dns
+ - ip6tables_rules_for_open_ports
+ - set_nftables_table
+ - accounts_password_pam_enforce_local
+ - usbguard_allow_hub
+ - sebool_polipo_use_nfs
+ - sebool_exim_can_connect_db
+ - package_libreport-plugin-rhtsupport_removed
+ - sebool_unprivuser_use_svirt
+ - sssd_run_as_sssd_user
+ - sebool_httpd_run_stickshift
+ - httpd_nipr_accredited_dmz
+ - set_ipv6_loopback_traffic
+ - package_systemd-journal-remote_installed
+ - ftp_configure_firewall
+ - sssd_ldap_start_tls
+ - sebool_cron_can_relabel
+ - httpd_mod_rewrite
+ - network_ipv6_static_address
+ - package_libreswan_installed
+ - audit_rules_unsuccessful_file_modification_fremovexattr
+ - sebool_httpd_dbus_sssd
+ - sebool_xguest_connect_network
+ - package_geolite2-country_removed
+ - audit_rules_etc_group_open_by_handle_at
+ - sebool_daemons_use_tcp_wrapper
+ - httpd_disable_anonymous_ftp_access
+ - sebool_use_nfs_home_dirs
+ - dhcp_server_deny_bootp
+ - sebool_conman_can_network
+ - sebool_logrotate_use_nfs
+ - audit_rules_unsuccessful_file_modification_fchown
+ - sebool_httpd_can_network_connect_db
+ - sebool_gluster_export_all_rw
+ - package_vim_installed
+ - sebool_named_write_master_zones
+ - sebool_postfix_local_write_mail_spool
+ - httpd_cgi_support
+ - sebool_xguest_mount_media
+ - bios_assign_password
+ - service_cpupower_disabled
+ - sebool_selinuxuser_rw_noexattrfile
+ - sebool_cron_system_cronjob_use_shares
+ - sebool_virt_use_rawip
+ - sebool_pcp_bind_all_unreserved_ports
+ - install_mcafee_cma_rt
+ - no_root_webbrowsing
+ - audit_rules_etc_gshadow_open
+ - sebool_saslauthd_read_shadow
+ - service_rhsmcertd_disabled
+ - sebool_mock_enable_homedirs
+ - ntpd_specify_remote_server
+ - audit_rules_successful_file_modification_openat_o_creat
+ - kernel_module_iwlwifi_disabled
+ - sebool_zoneminder_anon_write
+ - sshd_enable_x11_forwarding
+ - dconf_gnome_screensaver_user_info
+ - require_smb_client_signing
+ - sshd_disable_rhosts_rsa
+ - sebool_neutron_can_network
+ - dovecot_disable_plaintext_auth
+ - sebool_ftpd_connect_db
+ - sebool_httpd_mod_auth_ntlm_winbind
+ - sebool_samba_share_fusefs
+ - harden_ssh_client_crypto_policy
+ - sebool_cobbler_use_cifs
+ - sebool_httpd_can_network_relay
+ - package_geolite2-city_removed
+ - set_iptables_default_rule
+ - sebool_piranha_lvs_can_network_connect
+ - cups_disable_printserver
+ - usbguard_allow_hid
+ - package_talk_removed
+ - no_legacy_plus_entries_etc_shadow
+ - sebool_git_session_bind_all_unreserved_ports
+ - service_acpid_disabled
+ - rsyslog_accept_remote_messages_udp
+ - sebool_boinc_execmem
+ - service_nails_enabled
+ - audit_rules_unsuccessful_file_modification_unlinkat
+ - disable_logwatch_for_logserver
+ - sebool_fips_mode
+ - audit_rules_unsuccessful_file_modification_open_rule_order
+ - ftp_present_banner
+ - audit_rules_unsuccessful_file_modification_fchmodat
+ - sebool_polipo_session_users
+ - sebool_cluster_manage_all_files
+ - iptables_rules_for_open_ports
+ - dovecot_configure_ssl_key
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/e8.profile b/products/almalinux8/profiles/e8.profile
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..491958fdd
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/e8.profile
2023-02-21 13:38:18 +00:00
@@ -0,0 +1,152 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - shaneboulden
2023-02-21 13:38:18 +00:00
+ - tjbutt58
2021-11-17 13:33:00 +00:00
+
2023-10-30 15:13:07 +00:00
+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
2021-11-17 13:33:00 +00:00
+
+title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
+
+description: |-
2023-02-21 13:38:18 +00:00
+ This profile contains configuration checks for AlmaLinux 8
2021-11-17 13:33:00 +00:00
+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
+
+ A copy of the Essential Eight in Linux Environments guide can be found at the
+ ACSC website:
+
+ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+selections:
+
+ ### Remove obsolete packages
+ - package_talk_removed
+ - package_talk-server_removed
+ - package_xinetd_removed
+ - service_xinetd_disabled
+ - package_ypbind_removed
+ - package_telnet_removed
+ - service_telnet_disabled
+ - package_telnet-server_removed
+ - package_rsh_removed
+ - package_rsh-server_removed
+ - service_zebra_disabled
+ - package_quagga_removed
+ - service_avahi-daemon_disabled
+ - package_squid_removed
+ - service_squid_disabled
+
+ ### Software update
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_globally_activated
+ - security_patches_up_to_date
+ - dnf-automatic_security_updates_only
+
+ ### System security settings
+ - sysctl_kernel_randomize_va_space
+ - sysctl_kernel_exec_shield
+ - sysctl_kernel_kptr_restrict
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_kexec_load_disabled
+ - sysctl_kernel_yama_ptrace_scope
+ - sysctl_kernel_unprivileged_bpf_disabled
+ - sysctl_net_core_bpf_jit_harden
+
+ ### SELinux
+ - var_selinux_state=enforcing
+ - selinux_state
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+
+ ### Filesystem integrity
+ - rpm_verify_hashes
+ - rpm_verify_permissions
+ - rpm_verify_ownership
+ - file_permissions_unauthorized_sgid
+ - file_permissions_unauthorized_suid
+ - file_permissions_unauthorized_world_writable
+ - dir_perms_world_writable_sticky_bits
+ - file_permissions_library_dirs
+ - file_ownership_binary_dirs
+ - file_permissions_binary_dirs
+ - file_ownership_library_dirs
+
+ ### Passwords
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - no_empty_passwords
+
+ ### Partitioning
+ - mount_option_dev_shm_nodev
+ - mount_option_dev_shm_nosuid
+ - mount_option_dev_shm_noexec
+
+ ### Network
+ - package_firewalld_installed
+ - service_firewalld_enabled
+ - network_sniffer_disabled
+
+ ### Admin privileges
+ - accounts_no_uid_except_zero
+ - sudo_remove_nopasswd
+ - sudo_remove_no_authenticate
+ - sudo_require_authentication
+
+ ### Audit
+ - package_rsyslog_installed
+ - service_rsyslog_enabled
+ - service_auditd_enabled
+ - var_auditd_flush=incremental_async
+ - auditd_data_retention_flush
+ - auditd_local_events
+ - auditd_write_logs
+ - auditd_log_format
+ - auditd_freq
+ - auditd_name_format
+ - audit_rules_login_events_tallylog
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events
+ - audit_rules_time_adjtimex
+ - audit_rules_time_clock_settime
+ - audit_rules_time_watch_localtime
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_execution_restorecon
+ - audit_rules_execution_chcon
+ - audit_rules_execution_semanage
+ - audit_rules_execution_setsebool
+ - audit_rules_execution_setfiles
+ - audit_rules_execution_seunshare
+ - audit_rules_sysadmin_actions
+ - audit_rules_networkconfig_modification
+ - audit_rules_usergroup_modification
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_kernel_module_loading
+
+ ### Secure access
+ - sshd_disable_root_login
+ - sshd_disable_gssapi_auth
+ - sshd_print_last_log
+ - sshd_do_not_permit_user_env
+ - sshd_disable_rhosts
+ - sshd_set_loglevel_info
+ - sshd_disable_empty_passwords
+ - sshd_disable_user_known_hosts
+ - sshd_enable_strictmodes
+
+ # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms
+ - var_system_crypto_policy=default_nosha1
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+
+ ### Application whitelisting
+ - package_fapolicyd_installed
+ - service_fapolicyd_enabled
+
+ ### Backup
+ - package_rear_installed
diff --git a/products/almalinux8/profiles/hipaa.profile b/products/almalinux8/profiles/hipaa.profile
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..e736c0657
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/hipaa.profile
2023-02-21 13:38:18 +00:00
@@ -0,0 +1,166 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: True
+
+metadata:
+ SMEs:
+ - jjaswanson4
+
+reference: https://www.hhs.gov/hipaa/for-professionals/index.html
+
+title: 'Health Insurance Portability and Accountability Act (HIPAA)'
+
+description: |-
+ The HIPAA Security Rule establishes U.S. national standards to protect individuals
+ electronic personal health information that is created, received, used, or
+ maintained by a covered entity. The Security Rule requires appropriate
+ administrative, physical and technical safeguards to ensure the
+ confidentiality, integrity, and security of electronic protected health
+ information.
+
+ This profile configures AlmaLinux 8 to the HIPAA Security
+ Rule identified for securing of electronic protected health information.
2023-10-30 15:13:07 +00:00
+ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).
2021-11-17 13:33:00 +00:00
+
+selections:
+ - grub2_password
+ - grub2_uefi_password
+ - file_groupowner_grub2_cfg
+ - file_owner_grub2_cfg
+ - grub2_disable_interactive_boot
+ - no_direct_root_logins
+ - no_empty_passwords
+ - require_singleuser_auth
+ - restrict_serial_port_logins
+ - securetty_root_login_console_only
+ - service_debug-shell_disabled
+ - disable_ctrlaltdel_reboot
+ - disable_ctrlaltdel_burstaction
+ - dconf_db_up_to_date
+ - dconf_gnome_remote_access_credential_prompt
+ - dconf_gnome_remote_access_encryption
+ - sshd_disable_empty_passwords
+ - sshd_disable_root_login
+ - libreswan_approved_tunnels
+ - no_rsh_trust_files
+ - package_rsh-server_removed
+ - package_talk_removed
+ - package_talk-server_removed
+ - package_telnet_removed
+ - package_telnet-server_removed
+ - package_xinetd_removed
+ - service_crond_enabled
+ - service_rexec_disabled
+ - service_rlogin_disabled
+ - service_telnet_disabled
+ - service_xinetd_disabled
+ - service_zebra_disabled
+ - use_kerberos_security_all_exports
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - disable_host_auth
+ - sshd_allow_only_protocol2
+ - sshd_disable_compression
+ - sshd_disable_gssapi_auth
+ - sshd_disable_kerb_auth
+ - sshd_do_not_permit_user_env
+ - sshd_enable_strictmodes
+ - sshd_enable_warning_banner
+ - var_sshd_set_keepalive=0
+ - sshd_set_keepalive_0
+ - encrypt_partitions
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+ - var_selinux_policy_name=targeted
+ - var_selinux_state=enforcing
+ - grub2_enable_selinux
+ - sebool_selinuxuser_execheap
+ - sebool_selinuxuser_execmod
+ - sebool_selinuxuser_execstack
+ - selinux_confinement_of_daemons
+ - selinux_policytype
+ - selinux_state
+ - service_kdump_disabled
+ - sysctl_fs_suid_dumpable
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_exec_shield
+ - sysctl_kernel_randomize_va_space
+ - rpm_verify_hashes
+ - rpm_verify_permissions
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_never_disabled
+ - ensure_gpgcheck_local_packages
+ - grub2_audit_argument
+ - service_auditd_enabled
+ - audit_rules_privileged_commands_sudo
+ - audit_rules_privileged_commands_su
+ - audit_rules_immutable
+ - kernel_module_usb-storage_disabled
+ - service_autofs_disabled
+ - auditd_audispd_syslog_plugin_activated
+ - rsyslog_remote_loghost
+ - auditd_data_retention_flush
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ - audit_rules_execution_chcon
+ - audit_rules_execution_restorecon
+ - audit_rules_execution_semanage
+ - audit_rules_execution_setsebool
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_rmdir
+ - audit_rules_file_deletion_events_unlinkat
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_kernel_module_loading_delete
+ - audit_rules_kernel_module_loading_init
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events_tallylog
+ - audit_rules_mac_modification
+ - audit_rules_media_export
+ - audit_rules_networkconfig_modification
+ - audit_rules_privileged_commands_chage
+ - audit_rules_privileged_commands_chsh
+ - audit_rules_privileged_commands_crontab
+ - audit_rules_privileged_commands_gpasswd
+ - audit_rules_privileged_commands_newgrp
+ - audit_rules_privileged_commands_pam_timestamp_check
+ - audit_rules_privileged_commands_passwd
+ - audit_rules_privileged_commands_postdrop
+ - audit_rules_privileged_commands_postqueue
+ - audit_rules_privileged_commands_ssh_keysign
+ - audit_rules_privileged_commands_sudoedit
+ - audit_rules_privileged_commands_umount
+ - audit_rules_privileged_commands_unix_chkpwd
+ - audit_rules_privileged_commands_userhelper
+ - audit_rules_session_events
+ - audit_rules_sysadmin_actions
+ - audit_rules_system_shutdown
2023-02-21 13:38:18 +00:00
+ - var_audit_failure_mode=panic
2021-11-17 13:33:00 +00:00
+ - audit_rules_time_adjtimex
+ - audit_rules_time_clock_settime
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_watch_localtime
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_ftruncate
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_usergroup_modification_group
+ - audit_rules_usergroup_modification_gshadow
+ - audit_rules_usergroup_modification_opasswd
+ - audit_rules_usergroup_modification_passwd
+ - audit_rules_usergroup_modification_shadow
diff --git a/products/almalinux8/profiles/ism_o.profile b/products/almalinux8/profiles/ism_o.profile
new file mode 100644
2023-10-30 15:13:07 +00:00
index 000000000..aac055ee1
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/ism_o.profile
2023-02-21 13:38:18 +00:00
@@ -0,0 +1,139 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - shaneboulden
+ - wcushen
2023-02-21 13:38:18 +00:00
+ - eliseelk
+ - sashperso
+ - anjuskantha
2021-11-17 13:33:00 +00:00
+
+reference: https://www.cyber.gov.au/ism
+
+title: 'Australian Cyber Security Centre (ACSC) ISM Official'
+
+description: |-
+ This profile contains configuration checks for AlmaLinux 8
+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
+ with the applicability marking of OFFICIAL.
+
2023-10-30 15:13:07 +00:00
+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
2023-02-21 13:38:18 +00:00
+ AlmaLinux security controls with the ISM, which can be used to select controls
2021-11-17 13:33:00 +00:00
+ specific to an organisation's security posture and risk profile.
+
+ A copy of the ISM can be found at the ACSC website:
+
+ https://www.cyber.gov.au/ism
+
+extends: e8
+
+selections:
+
+ ## Operating system configuration
+ ## Identifiers 1491
+ - no_shelllogin_for_systemaccounts
+
+ ## Local administrator accounts
+ ## Identifiers 1382 / 1410
+ - accounts_password_all_shadowed
+ - package_sudo_installed
+
+ ## Content filtering & Anti virus
+ ## Identifiers 0576 / 1341 / 1034 / 1417 / 1288
+ - package_aide_installed
+
+ ## Software firewall
+ ## Identifiers 1416
+ - configure_firewalld_ports
+ ## Removing due to build error
+ ## - configure_firewalld_rate_limiting
+ - firewalld_sshd_port_enabled
+ - set_firewalld_default_zone
+
+ ## Endpoint device control software
+ ## Identifiers 1418
+ - package_usbguard_installed
+ - service_usbguard_enabled
+ - usbguard_allow_hid_and_hub
+
+ ## Authentication hardening
+ ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
+ ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431
+ - sshd_max_auth_tries_value=5
+ - disable_host_auth
+ - require_emergency_target_auth
+ - require_singleuser_auth
+ - sshd_disable_kerb_auth
+ - sshd_set_max_auth_tries
+
+ ## Password authentication & Protecting credentials
+ ## Identifiers 0421 / 0431 / 0418 / 1402
+ - var_password_pam_minlen=14
+ - var_accounts_password_warn_age_login_defs=7
+ - var_accounts_minimum_age_login_defs=1
+ - var_accounts_maximum_age_login_defs=60
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - accounts_password_warn_age_login_defs
+ - accounts_maximum_age_login_defs
+ - accounts_minimum_age_login_defs
+ - accounts_passwords_pam_faillock_interval
+ - accounts_passwords_pam_faillock_unlock_time
+ - accounts_passwords_pam_faillock_deny
+ - accounts_passwords_pam_faillock_deny_root
+ - accounts_password_pam_minlen
+
+ ## Centralised logging facility
2023-10-30 15:13:07 +00:00
+ ## Identifiers 1405 / 0988
2021-11-17 13:33:00 +00:00
+ - rsyslog_cron_logging
+ - rsyslog_files_groupownership
+ - rsyslog_files_ownership
+ - rsyslog_files_permissions
+ - rsyslog_nolisten
+ - rsyslog_remote_loghost
+ - rsyslog_remote_tls
+ - rsyslog_remote_tls_cacert
+ - package_chrony_installed
+ - service_chronyd_enabled
+ - chronyd_or_ntpd_specify_multiple_servers
+ - chronyd_specify_remote_server
+ - service_chronyd_or_ntpd_enabled
+
+ ## Events to be logged
+ ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
+ - display_login_attempts
+ - sebool_auditadm_exec_content
+ - audit_rules_privileged_commands
+ - audit_rules_session_events
+ - audit_rules_unsuccessful_file_modification
+ - audit_access_failed
+ - audit_access_success
+
+ ## Web application & Database servers
+ ## Identifiers 1552 / 1277
+ - openssl_use_strong_entropy
+
+ ## Network design and configuration
2023-10-30 15:13:07 +00:00
+ ## Identifiers 1055 / 1311
2021-11-17 13:33:00 +00:00
+ - network_nmcli_permissions
+ - service_snmpd_disabled
+ - snmpd_use_newer_protocol
+
+ ## Wireless networks
+ ## Identifiers 1315
+ - wireless_disable_interfaces
+
+ ## ASD Approved Cryptographic Algorithms
2023-10-30 15:13:07 +00:00
+ ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 /
+ ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 / 1139 /
2021-11-17 13:33:00 +00:00
+ ## 1372 / 1373 / 1374 / 1375
+ - enable_fips_mode
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+
+ ## Secure Shell access
+ ## Identifiers 0484 / 1506 / 1449 / 0487
+ - sshd_allow_only_protocol2
+ - sshd_enable_warning_banner
+ - sshd_disable_x11_forwarding
+ - file_permissions_sshd_private_key
diff --git a/products/almalinux8/profiles/ospp.profile b/products/almalinux8/profiles/ospp.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..3255908d7
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/ospp.profile
2023-02-21 13:38:18 +00:00
@@ -0,0 +1,437 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
+ version: 4.2.1
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - ggbecker
+ - matusmarhefka
2021-11-17 13:33:00 +00:00
+
2024-03-04 15:52:37 +00:00
+reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=442&id=442
2021-11-17 13:33:00 +00:00
+
+title: 'Protection Profile for General Purpose Operating Systems'
+
+description: |-
+ This profile reflects mandatory configuration controls identified in the
+ NIAP Configuration Annex to the Protection Profile for General Purpose
+ Operating Systems (Protection Profile Version 4.2.1).
+
+ This configuration profile is consistent with CNSSI-1253, which requires
+ U.S. National Security Systems to adhere to certain configuration
+ parameters. Accordingly, this configuration profile is suitable for
+ use in U.S. National Security Systems.
+
+selections:
+
+ #######################################################
+ ### GENERAL REQUIREMENTS
+ ### Things needed to meet OSPP functional requirements.
+ #######################################################
+
+ ### Partitioning
+ - mount_option_home_nodev
+ - mount_option_home_nosuid
+ - mount_option_tmp_nodev
+ - mount_option_tmp_noexec
+ - mount_option_tmp_nosuid
+ - partition_for_var_tmp
+ - mount_option_var_tmp_nodev
+ - mount_option_var_tmp_noexec
+ - mount_option_var_tmp_nosuid
+ - mount_option_dev_shm_nodev
+ - mount_option_dev_shm_noexec
+ - mount_option_dev_shm_nosuid
+ - mount_option_nodev_nonroot_local_partitions
+ - mount_option_boot_nodev
+ - mount_option_boot_nosuid
+ - partition_for_home
+ - partition_for_var
+ - mount_option_var_nodev
+ - partition_for_var_log
+ - mount_option_var_log_nodev
+ - mount_option_var_log_nosuid
+ - mount_option_var_log_noexec
+ - partition_for_var_log_audit
+ - mount_option_var_log_audit_nodev
+ - mount_option_var_log_audit_nosuid
+ - mount_option_var_log_audit_noexec
+
+ ### Services
+ # sshd
+ - sshd_disable_root_login
+ - sshd_enable_strictmodes
+ - disable_host_auth
+ - sshd_disable_empty_passwords
+ - sshd_disable_kerb_auth
+ - sshd_disable_gssapi_auth
+ - var_sshd_set_keepalive=0
+ - sshd_set_keepalive_0
+ - sshd_enable_warning_banner
+ - sshd_rekey_limit
+ - var_rekey_limit_size=1G
+ - var_rekey_limit_time=1hour
+ - sshd_use_strong_rng
+ - openssl_use_strong_entropy
+
+ # Time Server
+ - chronyd_client_only
+ - chronyd_no_chronyc_network
+
+ ### Network Settings
+ - sysctl_net_ipv6_conf_all_accept_ra
+ - sysctl_net_ipv6_conf_default_accept_ra
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ - sysctl_net_ipv6_conf_all_accept_redirects
+ - sysctl_net_ipv6_conf_default_accept_redirects
+ - sysctl_net_ipv4_conf_all_accept_source_route
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ - sysctl_net_ipv6_conf_all_accept_source_route
+ - sysctl_net_ipv6_conf_default_accept_source_route
+ - sysctl_net_ipv4_conf_all_secure_redirects
+ - sysctl_net_ipv4_conf_default_secure_redirects
+ - sysctl_net_ipv4_conf_all_send_redirects
+ - sysctl_net_ipv4_conf_default_send_redirects
+ - sysctl_net_ipv4_conf_all_log_martians
+ - sysctl_net_ipv4_conf_default_log_martians
+ - sysctl_net_ipv4_conf_all_rp_filter
+ - sysctl_net_ipv4_conf_default_rp_filter
+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+ - sysctl_net_ipv4_ip_forward
+ - sysctl_net_ipv4_tcp_syncookies
+
+ ### systemd
+ - disable_ctrlaltdel_reboot
+ - disable_ctrlaltdel_burstaction
+ - service_debug-shell_disabled
+
+ ### umask
+ - var_accounts_user_umask=027
+ - accounts_umask_etc_profile
+ - accounts_umask_etc_bashrc
+ - accounts_umask_etc_csh_cshrc
+
+ ### Software update
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_local_packages
+ - ensure_gpgcheck_never_disabled
+
+ ### Passwords
+ - var_password_pam_difok=4
+ - accounts_password_pam_difok
+ - var_password_pam_maxrepeat=3
+ - accounts_password_pam_maxrepeat
+ - var_password_pam_maxclassrepeat=4
+ - accounts_password_pam_maxclassrepeat
+
+ ### Kernel Config
+ ## Boot prompt
+ - grub2_audit_argument
+ - grub2_audit_backlog_limit_argument
+ - grub2_slub_debug_argument
2023-02-21 13:38:18 +00:00
+ - var_slub_debug_options=P
2021-11-17 13:33:00 +00:00
+ - grub2_page_poison_argument
+ - grub2_vsyscall_argument
+ - grub2_vsyscall_argument.role=unscored
+ - grub2_vsyscall_argument.severity=info
+ - grub2_pti_argument
+ - grub2_kernel_trust_cpu_rng
+
+ ## Security Settings
+ - sysctl_kernel_kptr_restrict
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_kexec_load_disabled
+ - sysctl_kernel_yama_ptrace_scope
+ - sysctl_kernel_perf_event_paranoid
+ - sysctl_user_max_user_namespaces
+ - sysctl_user_max_user_namespaces.role=unscored
+ - sysctl_user_max_user_namespaces.severity=info
+ - sysctl_kernel_unprivileged_bpf_disabled
+ - sysctl_net_core_bpf_jit_harden
+ - service_kdump_disabled
+
+ ## File System Settings
+ - sysctl_fs_protected_hardlinks
+ - sysctl_fs_protected_symlinks
+
+ ### Audit
+ - service_auditd_enabled
+ - var_auditd_flush=incremental_async
+ - auditd_data_retention_flush
+ - auditd_local_events
+ - auditd_write_logs
+ - auditd_log_format
+ - auditd_freq
+ - auditd_name_format
+
2023-02-21 13:38:18 +00:00
+ ### Module Disabled
2021-11-17 13:33:00 +00:00
+ - kernel_module_cramfs_disabled
+ - kernel_module_bluetooth_disabled
+ - kernel_module_sctp_disabled
+ - kernel_module_firewire-core_disabled
+ - kernel_module_atm_disabled
+ - kernel_module_can_disabled
+ - kernel_module_tipc_disabled
+
+ ### rpcbind
+
+ ### Install Required Packages
+ - package_aide_installed
+ - package_dnf-automatic_installed
+ - package_subscription-manager_installed
+ - package_dnf-plugin-subscription-manager_installed
+ - package_firewalld_installed
+ - package_openscap-scanner_installed
+ - package_policycoreutils_installed
+ - package_sudo_installed
+ - package_usbguard_installed
+ - package_scap-security-guide_installed
+ - package_audit_installed
+ - package_crypto-policies_installed
+ - package_openssh-server_installed
+ - package_openssh-clients_installed
+ - package_policycoreutils-python-utils_installed
+ - package_rsyslog_installed
+ - package_chrony_installed
+ - package_gnutls-utils_installed
+
+ ### Remove Prohibited Packages
+ - package_sendmail_removed
+ - package_iprutils_removed
+ - package_gssproxy_removed
+ - package_nfs-utils_removed
+ - package_krb5-workstation_removed
+ - package_abrt-addon-kerneloops_removed
2022-06-29 08:41:07 +00:00
+ - package_python3-abrt-addon_removed
2021-11-17 13:33:00 +00:00
+ - package_abrt-addon-ccpp_removed
+ - package_abrt-plugin-sosreport_removed
+ - package_abrt-cli_removed
2023-02-21 13:38:18 +00:00
+ - package_libreport-plugin-rhtsupport_removed
+ - package_libreport-plugin-logger_removed
2021-11-17 13:33:00 +00:00
+ - package_abrt_removed
+
+ ### Login
+ - disable_users_coredumps
+ - sysctl_kernel_core_pattern
+ - coredump_disable_storage
+ - coredump_disable_backtraces
+ - service_systemd-coredump_disabled
+ - var_accounts_max_concurrent_login_sessions=10
+ - accounts_max_concurrent_login_sessions
+ - securetty_root_login_console_only
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=minimal
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - var_password_pam_unix_remember=5
+ - accounts_password_pam_unix_remember
+ - use_pam_wheel_for_su
+
+ ### SELinux Configuration
+ - var_selinux_state=enforcing
+ - selinux_state
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+
+ ### Application Whitelisting (RHEL 8)
+ - package_fapolicyd_installed
+ - service_fapolicyd_enabled
+
+ ### Configure USBGuard
+ - service_usbguard_enabled
+ - configure_usbguard_auditbackend
+ - usbguard_allow_hid_and_hub
+
+
+ ### Enable / Configure FIPS
+ - enable_fips_mode
+ - var_system_crypto_policy=fips_ospp
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+ - configure_bind_crypto_policy
+ - configure_openssl_crypto_policy
+ - configure_libreswan_crypto_policy
+ - configure_kerberos_crypto_policy
+ - enable_dracut_fips_module
+
+ #######################################################
+ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
+ ### FOR GENERAL PURPOSE OPERATING SYSTEMS
+ ### ANNEX RELEASE 1
+ ### FOR PROTECTION PROFILE VERSIONS 4.2
+ ###
+ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
+ #######################################################
+
+ ## Configure Minimum Password Length to 12 Characters
+ ## IA-5 (1)(a) / FMT_MOF_EXT.1
+ - var_password_pam_minlen=12
+ - accounts_password_pam_minlen
+
+ ## Require at Least 1 Special Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ - var_password_pam_ocredit=1
+ - accounts_password_pam_ocredit
+
+ ## Require at Least 1 Numeric Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ - var_password_pam_dcredit=1
+ - accounts_password_pam_dcredit
+
+ ## Require at Least 1 Uppercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ - var_password_pam_ucredit=1
+ - accounts_password_pam_ucredit
+
+ ## Require at Least 1 Lowercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ - var_password_pam_lcredit=1
+ - accounts_password_pam_lcredit
+
+ ## Enable Screen Lock
+ ## FMT_MOF_EXT.1
+ - package_tmux_installed
+ - configure_bashrc_exec_tmux
+ - no_tmux_in_shells
+ - configure_tmux_lock_command
+ - configure_tmux_lock_after_time
+
+ ## Set Screen Lock Timeout Period to 30 Minutes or Less
+ ## AC-11(a) / FMT_MOF_EXT.1
+ ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
+ - sshd_idle_timeout_value=14_minutes
+ - sshd_set_idle_timeout
+
+ ## Disable Unauthenticated Login (such as Guest Accounts)
+ ## FIA_UAU.1
+ - require_singleuser_auth
2023-02-21 13:38:18 +00:00
+ - grub2_disable_recovery
2021-11-17 13:33:00 +00:00
+ - grub2_uefi_password
+ - no_empty_passwords
+
+ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
+ ## AC-7 / FIA_AFL.1
+ - var_accounts_passwords_pam_faillock_deny=3
+ - accounts_passwords_pam_faillock_deny
+ - var_accounts_passwords_pam_faillock_fail_interval=900
+ - accounts_passwords_pam_faillock_interval
+ - var_accounts_passwords_pam_faillock_unlock_time=never
+ - accounts_passwords_pam_faillock_unlock_time
+
+ ## Enable Host-Based Firewall
+ ## SC-7(12) / FMT_MOF_EXT.1
+ - service_firewalld_enabled
+
+ ## Configure Name/Addres of Remote Management Server
+ ## From Which to Receive Config Settings
+ ## CM-3(3) / FMT_MOF_EXT.1
+
+ ## Configure the System to Offload Audit Records to a Log
+ ## Server
+ ## AU-4(1) / FAU_GEN.1.1.c
+ # temporarily dropped
+
+ ## Set Logon Warning Banner
+ ## AC-8(a) / FMT_MOF_EXT.1
+
+ ## Audit All Logons (Success/Failure) and Logoffs (Success)
+ ## CNSSI 1253 Value or DoD-Specific Values:
+ ## (1) Logons (Success/Failure)
+ ## (2) Logoffs (Success)
+ ## AU-2(a) / FAU_GEN.1.1.c
+
+ ## Audit File and Object Events (Unsuccessful)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) Create (Success/Failure)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Sucess/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Sucess/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ##
+ ## (1) Create (Success/Failure)
+ ## (open with O_CREAT)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Success/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Success/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+
+ ## Audit User and Group Management Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) User add, delete, modify, disable, enable (Success/Failure)
+ ## (2) Group/Role add, delete, modify (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ## Generic User and Group Management Events (Success/Failure)
+ ## Selection of setuid programs that relate to
+ ## user accounts.
+ ##
+ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
+ ##
+ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
+ ##
+ ## Audit Privilege or Role Escalation Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Privilege/Role escalation (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit All Audit and Log Data Accesses (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Audit and log data access (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Cryptographic Verification of Software (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
+ ## etc) initialization (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ - audit_basic_configuration
+ - audit_immutable_login_uids
+ - audit_create_failed
+ - audit_create_success
+ - audit_modify_failed
+ - audit_modify_success
+ - audit_access_failed
+ - audit_access_success
+ - audit_delete_failed
+ - audit_delete_success
+ - audit_perm_change_failed
+ - audit_perm_change_success
+ - audit_owner_change_failed
+ - audit_owner_change_success
+ - audit_ospp_general
+ - audit_module_load
+
+ ## Enable Automatic Software Updates
+ ## SI-2 / FMT_MOF_EXT.1
+ # Configure dnf-automatic to Install Only Security Updates
+ - dnf-automatic_security_updates_only
+
+ # Configure dnf-automatic to Install Available Updates Automatically
+ - dnf-automatic_apply_updates
+
+ # Enable dnf-automatic Timer
+ - timer_dnf-automatic_enabled
+
+
+ # Prevent Kerberos use by system daemons
+ - kerberos_disable_no_keytab
+
+ # set ssh client rekey limit
+ - ssh_client_rekey_limit
+ - var_ssh_client_rekey_limit_size=1G
+ - var_ssh_client_rekey_limit_time=1hour
+
+# configure ssh client to use strong entropy
+ - ssh_client_use_strong_rng_sh
+ - ssh_client_use_strong_rng_csh
+
+ # zIPl specific rules
+ - zipl_bls_entries_only
+ - zipl_bootmap_is_up_to_date
+ - zipl_audit_argument
+ - zipl_audit_backlog_limit_argument
+ - zipl_slub_debug_argument
+ - zipl_page_poison_argument
diff --git a/products/almalinux8/profiles/pci-dss.profile b/products/almalinux8/profiles/pci-dss.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..a27fdbd6f
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/pci-dss.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,59 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: '4.0'
2021-11-17 13:33:00 +00:00
+ SMEs:
2024-03-04 15:52:37 +00:00
+ - marcusburghardt
+ - mab879
+ - vojtapolasek
2021-11-17 13:33:00 +00:00
+
2024-03-04 15:52:37 +00:00
+reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
2021-11-17 13:33:00 +00:00
+
2024-03-04 15:52:37 +00:00
+title: 'PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 8'
2021-11-17 13:33:00 +00:00
+
+description: |-
2024-03-04 15:52:37 +00:00
+ Payment Card Industry - Data Security Standard (PCI-DSS) is a set of
+ security standards designed to ensure the secure handling of payment card
+ data, with the goal of preventing data breaches and protecting sensitive
+ financial information.
+
+ This profile ensures Red Hat Enterprise Linux 8 is configured in alignment
+ with PCI-DSS v4.0 requirements.
2021-11-17 13:33:00 +00:00
+
+selections:
2024-03-04 15:52:37 +00:00
+ - pcidss_4:all
+ # More tests are needed to identify which rule is conflicting with rpm_verify_permissions.
+ # https://github.com/ComplianceAsCode/content/issues/11285
+ - '!rpm_verify_permissions'
+ # these rules do not apply to RHEL but they have to keep the prodtype for historical reasons
+ - '!package_audit-audispd-plugins_installed'
+ - '!service_ntp_enabled'
+ - '!ntpd_specify_remote_server'
+ - '!ntpd_specify_multiple_servers'
+ - '!set_ipv6_loopback_traffic'
+ - '!set_loopback_traffic'
+ - '!service_ntpd_enabled'
+ - '!timer_logrotate_enabled'
+ - '!package_talk_removed'
+ - '!package_talk-server_removed'
+ - '!package_rsh_removed'
+ - '!package_rsh-server_removed'
+ # Following rules once had a prodtype incompatible with the rhel8 product
+ - '!cracklib_accounts_password_pam_minlen'
+ - '!nftables_ensure_default_deny_policy'
+ - '!permissions_local_var_log'
+ - '!set_password_hashing_algorithm_commonauth'
+ - '!accounts_passwords_pam_tally2'
+ - '!cracklib_accounts_password_pam_dcredit'
+ - '!cracklib_accounts_password_pam_lcredit'
+ - '!service_timesyncd_enabled'
+ - '!ensure_suse_gpgkey_installed'
+ - '!ensure_shadow_group_empty'
+ - '!mask_nonessential_services'
+ - '!gnome_gdm_disable_unattended_automatic_login'
+ - '!file_owner_at_allow'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!ensure_firewall_rules_for_open_ports'
+ - '!cracklib_accounts_password_pam_retry'
+ - '!aide_periodic_checking_systemd_timer'
+ - '!package_cryptsetup-luks_installed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/rht-ccp.profile b/products/almalinux8/profiles/rht-ccp.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..67dad56fd
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/rht-ccp.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,102 @@
+documentation_complete: true
+
+hidden: true
2021-11-17 13:33:00 +00:00
+
+title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
+
+description: |-
+ This profile contains the minimum security relevant
+ configuration settings recommended by Red Hat, Inc for
2022-06-29 08:41:07 +00:00
+ Red Hat Enterprise Linux 8 instances deployed by Red Hat Certified
+ Cloud Providers.
2021-11-17 13:33:00 +00:00
+
+selections:
+ - var_selinux_state=enforcing
+ - var_selinux_policy_name=targeted
+ - sshd_idle_timeout_value=5_minutes
+ - var_accounts_minimum_age_login_defs=7
+ - var_accounts_passwords_pam_faillock_deny=5
+ - var_accounts_password_warn_age_login_defs=7
+ - var_password_pam_retry=3
+ - var_password_pam_dcredit=1
+ - var_password_pam_ucredit=2
+ - var_password_pam_ocredit=2
+ - var_password_pam_lcredit=2
+ - var_password_pam_difok=3
+ - var_password_pam_unix_remember=5
+ - var_accounts_user_umask=077
+ - login_banner_text=usgcb_default
+ - partition_for_tmp
+ - partition_for_var
+ - partition_for_var_log
+ - partition_for_var_log_audit
+ - selinux_state
+ - selinux_policytype
+ - ensure_almalinux_gpgkey_installed
+ - security_patches_up_to_date
+ - ensure_gpgcheck_globally_activated
+ - ensure_gpgcheck_never_disabled
+ - package_aide_installed
+ - accounts_password_pam_unix_remember
+ - no_shelllogin_for_systemaccounts
+ - no_empty_passwords
+ - accounts_password_all_shadowed
+ - accounts_no_uid_except_zero
+ - accounts_minimum_age_login_defs
+ - accounts_password_warn_age_login_defs
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
+ - enable_authselect
2021-11-17 13:33:00 +00:00
+ - accounts_password_pam_retry
+ - accounts_password_pam_dcredit
+ - accounts_password_pam_ucredit
+ - accounts_password_pam_ocredit
+ - accounts_password_pam_lcredit
+ - accounts_password_pam_difok
+ - accounts_passwords_pam_faillock_deny
+ - set_password_hashing_algorithm_systemauth
2022-06-29 08:41:07 +00:00
+ - set_password_hashing_algorithm_passwordauth
2021-11-17 13:33:00 +00:00
+ - set_password_hashing_algorithm_logindefs
+ - set_password_hashing_algorithm_libuserconf
+ - require_singleuser_auth
+ - file_owner_etc_shadow
+ - file_groupowner_etc_shadow
+ - file_permissions_etc_shadow
+ - file_owner_etc_gshadow
+ - file_groupowner_etc_gshadow
+ - file_permissions_etc_gshadow
+ - file_owner_etc_passwd
+ - file_groupowner_etc_passwd
+ - file_permissions_etc_passwd
+ - file_owner_etc_group
+ - file_groupowner_etc_group
+ - file_permissions_etc_group
+ - file_permissions_library_dirs
+ - file_ownership_library_dirs
+ - file_permissions_binary_dirs
+ - file_ownership_binary_dirs
+ - file_permissions_var_log_audit
+ - file_owner_grub2_cfg
+ - file_groupowner_grub2_cfg
+ - file_permissions_grub2_cfg
+ - grub2_password
+ - kernel_module_dccp_disabled
+ - kernel_module_sctp_disabled
+ - service_firewalld_enabled
+ - set_firewalld_default_zone
+ - firewalld_sshd_port_enabled
+ - service_abrtd_disabled
+ - service_telnet_disabled
+ - package_telnet-server_removed
+ - package_telnet_removed
+ - sshd_allow_only_protocol2
+ - sshd_set_idle_timeout
+ - var_sshd_set_keepalive=0
+ - sshd_set_keepalive_0
+ - disable_host_auth
+ - sshd_disable_root_login
+ - sshd_disable_empty_passwords
+ - sshd_enable_warning_banner
+ - sshd_do_not_permit_user_env
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
diff --git a/products/almalinux8/profiles/standard.profile b/products/almalinux8/profiles/standard.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..30e6a3d30
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/standard.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,91 @@
+documentation_complete: true
+
+hidden: true
2021-11-17 13:33:00 +00:00
+
2024-03-04 15:52:37 +00:00
+title: 'Standard System Security Profile for Red Hat Enterprise Linux 8'
2021-11-17 13:33:00 +00:00
+
+description: |-
+ This profile contains rules to ensure standard security baseline
2024-03-04 15:52:37 +00:00
+ of a Red Hat Enterprise Linux 8 system. Regardless of your system's workload
2021-11-17 13:33:00 +00:00
+ all of these checks should pass.
+
+selections:
+ - ensure_almalinux_gpgkey_installed
+ - ensure_gpgcheck_globally_activated
+ - rpm_verify_permissions
+ - rpm_verify_hashes
+ - security_patches_up_to_date
+ - no_empty_passwords
2024-03-04 15:52:37 +00:00
+ - file_groupowner_etc_group
+ - file_owner_etc_group
+ - file_permissions_etc_group
+ - file_groupowner_etc_passwd
+ - file_owner_etc_passwd
+ - file_permissions_etc_passwd
+ - file_groupowner_etc_shadow
+ - file_owner_etc_shadow
2021-11-17 13:33:00 +00:00
+ - file_permissions_unauthorized_sgid
+ - file_permissions_unauthorized_suid
+ - file_permissions_unauthorized_world_writable
+ - accounts_root_path_dirs_no_write
+ - dir_perms_world_writable_sticky_bits
+ - mount_option_dev_shm_nodev
+ - mount_option_dev_shm_nosuid
+ - partition_for_var_log
+ - partition_for_var_log_audit
+ - package_rsyslog_installed
+ - service_rsyslog_enabled
+ - audit_rules_time_adjtimex
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_clock_settime
+ - audit_rules_time_watch_localtime
+ - audit_rules_usergroup_modification
+ - audit_rules_networkconfig_modification
+ - audit_rules_mac_modification
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ - audit_rules_unsuccessful_file_modification
+ - audit_rules_privileged_commands
+ - audit_rules_media_export
+ - audit_rules_file_deletion_events
+ - audit_rules_sysadmin_actions
+ - audit_rules_kernel_module_loading
+ - service_abrtd_disabled
+ - service_atd_disabled
+ - service_autofs_disabled
+ - service_ntpdate_disabled
+ - service_oddjobd_disabled
+ - service_qpidd_disabled
+ - service_rdisc_disabled
+ - configure_crypto_policy
+ - configure_bind_crypto_policy
+ - configure_openssl_crypto_policy
+ - configure_libreswan_crypto_policy
+ - configure_ssh_crypto_policy
+ - configure_kerberos_crypto_policy
2024-03-04 15:52:37 +00:00
+ - service_auditd_enabled
+ - gid_passwd_group_same
+ - file_groupowner_efi_grub2_cfg
+ - file_groupowner_grub2_cfg
+ - file_owner_efi_grub2_cfg
+ - file_owner_grub2_cfg
+ - file_permissions_efi_grub2_cfg
+ - file_permissions_grub2_cfg
+ - file_groupowner_efi_user_cfg
+ - file_groupowner_user_cfg
+ - file_owner_efi_user_cfg
+ - file_owner_user_cfg
+ - file_permissions_efi_user_cfg
+ - file_permissions_user_cfg
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/stig.profile b/products/almalinux8/profiles/stig.profile
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..a82d15f64
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/profiles/stig.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,1251 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
+
+metadata:
2024-03-04 15:52:37 +00:00
+ version: V1R13
2021-11-17 13:33:00 +00:00
+ SMEs:
2022-06-29 08:41:07 +00:00
+ - mab879
2021-11-17 13:33:00 +00:00
+ - ggbecker
+
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+
2022-06-29 08:41:07 +00:00
+title: 'DISA STIG for Red Hat Enterprise Linux 8'
2021-11-17 13:33:00 +00:00
+
+description: |-
+ This profile contains configuration checks that align to the
2024-03-04 15:52:37 +00:00
+ DISA STIG for Red Hat Enterprise Linux 8 V1R13.
+
+ In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
+ configuration baseline as applicable to the operating system tier of
+ Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
+
+ - Red Hat Enterprise Linux Server
+ - Red Hat Enterprise Linux Workstation and Desktop
+ - Red Hat Enterprise Linux for HPC
+ - Red Hat Storage
+ - Red Hat Containers with a Red Hat Enterprise Linux 8 image
2021-11-17 13:33:00 +00:00
+
+selections:
+ ### Variables
+ - var_rekey_limit_size=1G
+ - var_rekey_limit_time=1hour
+ - var_accounts_user_umask=077
+ - var_password_pam_difok=8
+ - var_password_pam_maxrepeat=3
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_maxclassrepeat=4
+ - var_password_pam_minclass=4
+ - var_accounts_minimum_age_login_defs=1
+ - var_accounts_max_concurrent_login_sessions=10
+ - var_password_pam_remember=5
2023-02-21 13:38:18 +00:00
+ - var_password_pam_remember_control_flag=requisite_or_required
2021-11-17 13:33:00 +00:00
+ - var_selinux_state=enforcing
+ - var_selinux_policy_name=targeted
+ - var_password_pam_unix_rounds=5000
+ - var_password_pam_minlen=15
+ - var_password_pam_ocredit=1
+ - var_password_pam_dcredit=1
+ - var_password_pam_dictcheck=1
+ - var_password_pam_ucredit=1
+ - var_password_pam_lcredit=1
+ - var_password_pam_retry=3
+ - var_password_pam_minlen=15
2023-02-21 13:38:18 +00:00
+ - var_sshd_set_keepalive=1
2023-10-30 15:13:07 +00:00
+ - sshd_approved_macs=stig_extended
2024-03-04 15:52:37 +00:00
+ - sshd_approved_ciphers=stig_extended
2021-11-17 13:33:00 +00:00
+ - sshd_idle_timeout_value=10_minutes
+ - var_accounts_authorized_local_users_regex=rhel8
+ - var_accounts_passwords_pam_faillock_deny=3
+ - var_accounts_passwords_pam_faillock_fail_interval=900
+ - var_accounts_passwords_pam_faillock_unlock_time=never
+ - var_ssh_client_rekey_limit_size=1G
+ - var_ssh_client_rekey_limit_time=1hour
+ - var_accounts_fail_delay=4
+ - var_account_disable_post_pw_expiration=35
+ - var_auditd_action_mail_acct=root
+ - var_time_service_set_maxpoll=18_hours
+ - var_accounts_maximum_age_login_defs=60
+ - var_auditd_space_left_percentage=25pc
+ - var_auditd_space_left_action=email
2023-02-21 13:38:18 +00:00
+ - var_auditd_disk_error_action=rhel8
2021-11-17 13:33:00 +00:00
+ - var_auditd_max_log_file_action=syslog
2023-02-21 13:38:18 +00:00
+ - var_auditd_disk_full_action=rhel8
2022-06-29 08:41:07 +00:00
+ - var_sssd_certificate_verification_digest_function=sha1
+ - login_banner_text=dod_banners
2023-02-21 13:38:18 +00:00
+ - var_authselect_profile=sssd
2021-11-17 13:33:00 +00:00
+
+ ### Enable / Configure FIPS
+ - enable_fips_mode
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - configure_bind_crypto_policy
+ - configure_libreswan_crypto_policy
+ - configure_kerberos_crypto_policy
+ - enable_dracut_fips_module
+
2023-02-21 13:38:18 +00:00
+ # Other needed rules
+ - enable_authselect
+
2021-11-17 13:33:00 +00:00
+ ### Rules:
+ # RHEL-08-010000
+ - installed_OS_is_vendor_supported
+
+ # RHEL-08-010001
+ - package_mcafeetp_installed
+ - agent_mfetpd_running
+
+ # RHEL-08-010010
+ - security_patches_up_to_date
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-010019
+ - ensure_almalinux_gpgkey_installed
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010020
+ - sysctl_crypto_fips_enabled
+
+ # RHEL-08-010030
+ - encrypt_partitions
+
+ # RHEL-08-010040
+ - sshd_enable_warning_banner
+
+ # RHEL-08-010049
+ - dconf_gnome_banner_enabled
+
+ # RHEL-08-010050
+ - dconf_gnome_login_banner_text
+
+ # RHEL-08-010060
+ - banner_etc_issue
+
+ # RHEL-08-010070
+ - rsyslog_remote_access_monitoring
+
+ # RHEL-08-010090
2023-10-30 15:13:07 +00:00
+ - sssd_has_trust_anchor
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010100
2023-10-30 15:13:07 +00:00
+ - ssh_keys_passphrase_protected
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010110
+ - set_password_hashing_algorithm_logindefs
+
+ # RHEL-08-010120
+ - accounts_password_all_shadowed_sha512
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-010121
+ - no_empty_passwords_etc_shadow
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010130
2023-02-21 13:38:18 +00:00
+ - set_password_hashing_min_rounds_logindefs
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010140
+ - grub2_uefi_password
+
+ # RHEL-08-010141
+ - grub2_uefi_admin_username
+
+ # RHEL-08-010149
+ - grub2_admin_username
+
+ # RHEL-08-010150
+ - grub2_password
+
+ # RHEL-08-010151
+ - require_singleuser_auth
+
+ # RHEL-08-010152
+ - require_emergency_target_auth
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010159
+ - set_password_hashing_algorithm_passwordauth
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010160
+ - set_password_hashing_algorithm_systemauth
+
+ # RHEL-08-010161
+ - kerberos_disable_no_keytab
+
+ # RHEL-08-010162
+ - package_krb5-workstation_removed
+
+ # RHEL-08-010170
+ - selinux_state
+
+ # RHEL-08-010171
+ - package_policycoreutils_installed
+
+ # RHEL-08-010190
+ - dir_perms_world_writable_sticky_bits
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-010200
+ - sshd_set_keepalive
+ # RHEL-08-010201
+ - sshd_set_idle_timeout
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010210
+ - file_permissions_var_log_messages
+
+ # RHEL-08-010220
+ - file_owner_var_log_messages
+
+ # RHEL-08-010230
+ - file_groupowner_var_log_messages
+
+ # RHEL-08-010240
+ - file_permissions_var_log
+
+ # RHEL-08-010250
+ - file_owner_var_log
+
+ # RHEL-08-010260
+ - file_groupowner_var_log
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010287
2021-11-17 13:33:00 +00:00
+ - configure_ssh_crypto_policy
+
+ # RHEL-08-010290
+ - harden_sshd_macs_openssh_conf_crypto_policy
+ - harden_sshd_macs_opensshserver_conf_crypto_policy
+
+ # RHEL-08-010291
+ - harden_sshd_ciphers_openssh_conf_crypto_policy
+ - harden_sshd_ciphers_opensshserver_conf_crypto_policy
+
+ # RHEL-08-010292
+ - sshd_use_strong_rng
+
+ # RHEL-08-010293
+ - configure_openssl_crypto_policy
+
+ # RHEL-08-010294
+ - configure_openssl_tls_crypto_policy
+
+ # RHEL-08-010295
+ - configure_gnutls_tls_crypto_policy
+
+ # RHEL-08-010300
+ - file_permissions_binary_dirs
+
+ # RHEL-08-010310
+ - file_ownership_binary_dirs
+
+ # RHEL-08-010320
+ - file_groupownership_system_commands_dirs
+
+ # RHEL-08-010330
+ - file_permissions_library_dirs
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010331
+ - dir_permissions_library_dirs
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010340
+ - file_ownership_library_dirs
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010341
+ - dir_ownership_library_dirs
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010350
+ - root_permissions_syslibrary_files
2022-06-29 08:41:07 +00:00
+
+ # RHEL-08-010351
2021-11-17 13:33:00 +00:00
+ - dir_group_ownership_library_dirs
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-010358
+ - package_mailx_installed
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010359
2021-11-17 13:33:00 +00:00
+ - package_aide_installed
2023-02-21 13:38:18 +00:00
+ - aide_build_database
2022-06-29 08:41:07 +00:00
+
+ # RHEL-08-010360
2021-11-17 13:33:00 +00:00
+ - aide_scan_notification
+
+ # RHEL-08-010370
+ - ensure_gpgcheck_globally_activated
2023-02-21 13:38:18 +00:00
+ - ensure_gpgcheck_never_disabled
+
+ # Necessary for package installs after gpgcheck is enabled
+ - ensure_almalinux_gpgkey_installed
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010371
+ - ensure_gpgcheck_local_packages
+
+ # RHEL-08-010372
+ - sysctl_kernel_kexec_load_disabled
+
+ # RHEL-08-010373
+ - sysctl_fs_protected_symlinks
+
+ # RHEL-08-010374
+ - sysctl_fs_protected_hardlinks
+
+ # RHEL-08-010375
+ - sysctl_kernel_dmesg_restrict
+
+ # RHEL-08-010376
+ - sysctl_kernel_perf_event_paranoid
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-010379
+ - sudoers_default_includedir
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010380
+ - sudo_remove_nopasswd
+
+ # RHEL-08-010381
+ - sudo_remove_no_authenticate
+
+ # RHEL-08-010382
+ - sudo_restrict_privilege_elevation_to_authorized
+
+ # RHEL-08-010383
+ - sudoers_validate_passwd
+
+ # RHEL-08-010384
+ - sudo_require_reauthentication
+ - var_sudo_timestamp_timeout=always_prompt
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-010385
+ - disallow_bypass_password_sudo
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010390
+ - install_smartcard_packages
+
+ # RHEL-08-010400
2022-06-29 08:41:07 +00:00
+ - sssd_certificate_verification
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010410
+ - package_opensc_installed
+
+ # RHEL-08-010420
+ - bios_enable_execution_restrictions
+
+ # RHEL-08-010421
+ - grub2_page_poison_argument
+
+ # RHEL-08-010422
+ - grub2_vsyscall_argument
+
+ # RHEL-08-010423
+ - grub2_slub_debug_argument
2023-02-21 13:38:18 +00:00
+ - var_slub_debug_options=P
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010430
+ - sysctl_kernel_randomize_va_space
+
+ # RHEL-08-010440
+ - clean_components_post_updating
+
+ # RHEL-08-010450
+ - selinux_policytype
+
+ # RHEL-08-010460
+ - no_host_based_files
+
+ # RHEL-08-010470
+ - no_user_host_based_files
+
+ # RHEL-08-010471
2023-10-30 15:13:07 +00:00
+ # Not applicable for RHEL 8.4+
+ - service_rngd_enabled
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010472
+ - package_rng-tools_installed
+
+ # RHEL-08-010480
+ - file_permissions_sshd_pub_key
+
+ # RHEL-08-010490
+ - file_permissions_sshd_private_key
+
+ # RHEL-08-010500
+ - sshd_enable_strictmodes
+
+ # RHEL-08-010520
+ - sshd_disable_user_known_hosts
+
+ # RHEL-08-010521
+ - sshd_disable_kerb_auth
+
+ # RHEL-08-010522
+ - sshd_disable_gssapi_auth
+
+ # RHEL-08-010540
+ - partition_for_var
+
+ # RHEL-08-010541
+ - partition_for_var_log
+
+ # RHEL-08-010542
+ - partition_for_var_log_audit
+
+ # RHEL-08-010543
+ - partition_for_tmp
+
+ # RHEL-08-010544
+ - partition_for_var_tmp
+
+ # RHEL-08-010550
+ - sshd_disable_root_login
+
+ # RHEL-08-010561
+ - service_rsyslog_enabled
+
+ # RHEL-08-010570
+ - mount_option_home_nosuid
+
+ # RHEL-08-010571
+ - mount_option_boot_nosuid
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-010572
+ - mount_option_boot_efi_nosuid
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010580
+ - mount_option_nodev_nonroot_local_partitions
+
+ # RHEL-08-010590
+ - mount_option_home_noexec
+
+ # RHEL-08-010600
+ - mount_option_nodev_removable_partitions
+
+ # RHEL-08-010610
+ - mount_option_noexec_removable_partitions
+
+ # RHEL-08-010620
+ - mount_option_nosuid_removable_partitions
+
+ # RHEL-08-010630
+ - mount_option_noexec_remote_filesystems
+
+ # RHEL-08-010640
+ - mount_option_nodev_remote_filesystems
+
+ # RHEL-08-010650
+ - mount_option_nosuid_remote_filesystems
+
+ # RHEL-08-010660
+ - accounts_user_dot_no_world_writable_programs
+
+ # RHEL-08-010670
+ - service_kdump_disabled
+
+ # RHEL-08-010671
+ - sysctl_kernel_core_pattern
+
+ # RHEL-08-010672
+ - service_systemd-coredump_disabled
+
+ # RHEL-08-010673
+ - disable_users_coredumps
+
+ # RHEL-08-010674
+ - coredump_disable_storage
+
+ # RHEL-08-010675
+ - coredump_disable_backtraces
+
+ # RHEL-08-010680
+ - network_configure_name_resolution
+
+ # RHEL-08-010690
+ - accounts_user_home_paths_only
+
+ # RHEL-08-010700
+ - dir_perms_world_writable_root_owned
+
+ # RHEL-08-010710
2023-02-21 13:38:18 +00:00
+ - dir_perms_world_writable_system_owned_group
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-010720
+ - accounts_user_interactive_home_directory_defined
+
+ # RHEL-08-010730
+ - file_permissions_home_directories
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-010731
+ - accounts_users_home_files_permissions
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010740
+ - file_groupownership_home_directories
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-010741
+ - accounts_users_home_files_groupownership
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-010750
+ - accounts_user_interactive_home_directory_exists
+
+ # RHEL-08-010760
+ - accounts_have_homedir_login_defs
+
+ # RHEL-08-010770
+ - file_permission_user_init_files
+
+ # RHEL-08-010780
+ - no_files_unowned_by_user
+
+ # RHEL-08-010790
+ - file_permissions_ungroupowned
+
+ # RHEL-08-010800
+ - partition_for_home
+
+ # RHEL-08-010820
+ - gnome_gdm_disable_automatic_login
+
+ # RHEL-08-010830
+ - sshd_do_not_permit_user_env
+
+ # RHEL-08-020000
+ - account_temp_expire_date
+
2024-03-04 15:52:37 +00:00
+ # RHEL-08-020010, RHEL-08-020011
2021-11-17 13:33:00 +00:00
+ - accounts_passwords_pam_faillock_deny
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-020012, RHEL-08-020013
2021-11-17 13:33:00 +00:00
+ - accounts_passwords_pam_faillock_interval
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-020014, RHEL-08-020015
2021-11-17 13:33:00 +00:00
+ - accounts_passwords_pam_faillock_unlock_time
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-020016, RHEL-08-020017
+ - accounts_passwords_pam_faillock_dir
2021-11-17 13:33:00 +00:00
+
2023-02-21 13:38:18 +00:00
+ # # RHEL-08-020018, RHEL-08-020019
+ - accounts_passwords_pam_faillock_silent
2021-11-17 13:33:00 +00:00
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-020020, RHEL-08-020021
+ - accounts_passwords_pam_faillock_audit
2021-11-17 13:33:00 +00:00
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-020022, RHEL-08-020023
2021-11-17 13:33:00 +00:00
+ - accounts_passwords_pam_faillock_deny_root
+
+ # RHEL-08-020024
+ - accounts_max_concurrent_login_sessions
+
2024-03-04 15:52:37 +00:00
+ # RHEL-08-020025
+ - account_password_pam_faillock_system_auth
+
+ # RHEL-08-020026
+ - account_password_pam_faillock_password_auth
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-020027, RHEL-08-020028
+ - account_password_selinux_faillock_dir
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-020030
+ - dconf_gnome_screensaver_lock_enabled
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-020031, RHEL-08-020080
+ - dconf_gnome_screensaver_lock_delay
+ - var_screensaver_lock_delay=5_seconds
+
+ # RHEL-08-020032
+ - dconf_gnome_disable_user_list
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-020035
+ - logind_session_timeout
2024-03-04 15:52:37 +00:00
+ - var_logind_session_timeout=15_minutes
2023-10-30 15:13:07 +00:00
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-020039
+ - package_tmux_installed
+
+ # RHEL-08-020040
+ - configure_tmux_lock_command
2023-02-21 13:38:18 +00:00
+ - configure_tmux_lock_keybinding
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-020041
2023-02-21 13:38:18 +00:00
+ - configure_bashrc_tmux
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-020042
+ - no_tmux_in_shells
+
+ # RHEL-08-020050
+ - dconf_gnome_lock_screen_on_smartcard_removal
+
+ # RHEL-08-020060
+ - dconf_gnome_screensaver_idle_delay
+
+ # RHEL-08-020070
+ - configure_tmux_lock_after_time
+
+ # RHEL-08-020080
2023-02-21 13:38:18 +00:00
+ - dconf_gnome_screensaver_user_locks
+
+ # RHEL-08-020081
+ - dconf_gnome_session_idle_user_locks
2021-11-17 13:33:00 +00:00
+
2024-03-04 15:52:37 +00:00
+ # RHEL-08-020082
+ - dconf_gnome_screensaver_lock_locked
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-020090
+ - sssd_enable_certmap
+
+ # RHEL-08-020100
2022-06-29 08:41:07 +00:00
+ - accounts_password_pam_pwquality_password_auth
+
+ # RHEL-08-020101
+ - accounts_password_pam_pwquality_system_auth
+
+ # RHEL-08-020102
+ # This is only required for RHEL8 systems below version 8.4 where the
+ # retry parameter was not yet available on /etc/security/pwquality.conf.
+
+ # RHEL-08-020103
+ # This is only required for RHEL8 systems below version 8.4 where the
+ # retry parameter was not yet available on /etc/security/pwquality.conf.
+
+ # RHEL-08-020104
2021-11-17 13:33:00 +00:00
+ - accounts_password_pam_retry
+
+ # RHEL-08-020110
+ - accounts_password_pam_ucredit
+
+ # RHEL-08-020120
+ - accounts_password_pam_lcredit
+
+ # RHEL-08-020130
+ - accounts_password_pam_dcredit
+
+ # RHEL-08-020140
+ - accounts_password_pam_maxclassrepeat
+
+ # RHEL-08-020150
+ - accounts_password_pam_maxrepeat
+
+ # RHEL-08-020160
+ - accounts_password_pam_minclass
+
+ # RHEL-08-020170
+ - accounts_password_pam_difok
+
+ # RHEL-08-020180
+ - accounts_password_set_min_life_existing
+
+ # RHEL-08-020190
+ - accounts_minimum_age_login_defs
+
+ # RHEL-08-020200
+ - accounts_maximum_age_login_defs
+
+ # RHEL-08-020210
+ - accounts_password_set_max_life_existing
+
+ # RHEL-08-020220
+ - accounts_password_pam_pwhistory_remember_system_auth
2022-06-29 08:41:07 +00:00
+
+ # RHEL-08-020221
2021-11-17 13:33:00 +00:00
+ - accounts_password_pam_pwhistory_remember_password_auth
+
+ # RHEL-08-020230
+ - accounts_password_pam_minlen
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-020231
+ - accounts_password_minlen_login_defs
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-020240
+ - account_unique_id
+
+ # RHEL-08-020250
+ - sssd_enable_smartcards
+
+ # RHEL-08-020260
+ - account_disable_post_pw_expiration
+
+ # RHEL-08-020270
2023-10-30 15:13:07 +00:00
+ - account_temp_expire_date
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-020280
+ - accounts_password_pam_ocredit
+
+ # RHEL-08-020290
+ - sssd_offline_cred_expiration
+
+ # RHEL-08-020300
+ - accounts_password_pam_dictcheck
+
+ # RHEL-08-020310
+ - accounts_logon_fail_delay
+
+ # RHEL-08-020320
+ - accounts_authorized_local_users
+
+ # RHEL-08-020330
+ - sshd_disable_empty_passwords
+
+ # RHEL-08-020331
+ - no_empty_passwords
+
+ # RHEL-08-020332
+
+ # RHEL-08-020340
+ - display_login_attempts
+
+ # RHEL-08-020350
+ - sshd_print_last_log
+
+ # RHEL-08-020351
+ - accounts_umask_etc_login_defs
+
+ # RHEL-08-020352
+ - accounts_umask_interactive_users
+
+ # RHEL-08-020353
+ - accounts_umask_etc_bashrc
2022-06-29 08:41:07 +00:00
+ - accounts_umask_etc_csh_cshrc
+ - accounts_umask_etc_profile
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030000
+ - audit_rules_suid_privilege_function
+
+ # RHEL-08-030010
+ - rsyslog_cron_logging
+
+ # RHEL-08-030020
+ - auditd_data_retention_action_mail_acct
+
+ # RHEL-08-030030
2023-02-21 13:38:18 +00:00
+ - postfix_client_configure_mail_alias_postmaster
+ - package_postfix_installed
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030040
+ - auditd_data_disk_error_action
+
+ # RHEL-08-030060
+ - auditd_data_disk_full_action
+
+ # RHEL-08-030061
+ - auditd_local_events
+
+ # RHEL-08-030062
+ - auditd_name_format
2024-03-04 15:52:37 +00:00
+ - var_auditd_name_format=stig
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030063
+ - auditd_log_format
+
+ # RHEL-08-030070
+ - file_permissions_var_log_audit
+
+ # RHEL-08-030080
+ - file_ownership_var_log_audit_stig
+
+ # RHEL-08-030090
+ - file_group_ownership_var_log_audit
+
+ # RHEL-08-030100
+ - directory_ownership_var_log_audit
+
+ # RHEL-08-030110
+ - directory_group_ownership_var_log_audit
+
+ # RHEL-08-030120
+ - directory_permissions_var_log_audit
+
+ # *** NOTE *** #
+ # Audit rules are currently under review as to how best to approach
+ # them. We are working with DISA and our internal audit experts to
+ # provide a final solution soon.
+ # ************ #
+
+ # RHEL-08-030121
+ - audit_rules_immutable
+
+ # RHEL-08-030122
2023-02-21 13:38:18 +00:00
+ - audit_rules_immutable_login_uids
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030130
+ - audit_rules_usergroup_modification_shadow
+
+ # RHEL-08-030140
+ - audit_rules_usergroup_modification_opasswd
+
+ # RHEL-08-030150
+ - audit_rules_usergroup_modification_passwd
+
+ # RHEL-08-030160
+ - audit_rules_usergroup_modification_gshadow
+
+ # RHEL-08-030170
+ - audit_rules_usergroup_modification_group
+
+ # RHEL-08-030171
+ - audit_rules_sudoers
+
+ # RHEL-08-030172
+ - audit_rules_sudoers_d
+
+ # RHEL-08-030180
+ - package_audit_installed
+
+ # RHEL-08-030181
+ - service_auditd_enabled
+
+ # RHEL-08-030190
+ - audit_rules_privileged_commands_su
+
+ # RHEL-08-030200
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_fremovexattr
2022-06-29 08:41:07 +00:00
+ - audit_rules_dac_modification_setxattr
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030250
+ - audit_rules_privileged_commands_chage
+
+ # RHEL-08-030260
+ - audit_rules_execution_chcon
+
+
+ # RHEL-08-030280
+ - audit_rules_privileged_commands_ssh_agent
+
+ # RHEL-08-030290
+ - audit_rules_privileged_commands_passwd
+
+ # RHEL-08-030300
+ - audit_rules_privileged_commands_mount
+
+ # RHEL-08-030301
+ - audit_rules_privileged_commands_umount
+
+ # RHEL-08-030302
+ - audit_rules_media_export
+
+ # RHEL-08-030310
+ - audit_rules_privileged_commands_unix_update
+
+ # RHEL-08-030311
+ - audit_rules_privileged_commands_postdrop
+
+ # RHEL-08-030312
+ - audit_rules_privileged_commands_postqueue
+
+ # RHEL-08-030313
+ - audit_rules_execution_semanage
+
+ # RHEL-08-030314
+ - audit_rules_execution_setfiles
+
+ # RHEL-08-030315
+ - audit_rules_privileged_commands_userhelper
+
+ # RHEL-08-030316
+ - audit_rules_execution_setsebool
+
+ # RHEL-08-030317
+ - audit_rules_privileged_commands_unix_chkpwd
+
+ # RHEL-08-030320
+ - audit_rules_privileged_commands_ssh_keysign
+
+ # RHEL-08-030330
+ - audit_rules_execution_setfacl
+
+ # RHEL-08-030340
+ - audit_rules_privileged_commands_pam_timestamp_check
+
+ # RHEL-08-030350
+ - audit_rules_privileged_commands_newgrp
+
+ # RHEL-08-030360
+ - audit_rules_kernel_module_loading_init
2022-06-29 08:41:07 +00:00
+ - audit_rules_kernel_module_loading_finit
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030361
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_rmdir
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_file_deletion_events_unlinkat
+
+ # RHEL-08-030370
+ - audit_rules_privileged_commands_gpasswd
+
+ # RHEL-08-030390
+ - audit_rules_kernel_module_loading_delete
+
+ # RHEL-08-030400
+ - audit_rules_privileged_commands_crontab
+
+ # RHEL-08-030410
+ - audit_rules_privileged_commands_chsh
+
+ # RHEL-08-030420
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at
+ - audit_rules_unsuccessful_file_modification_ftruncate
+ - audit_rules_unsuccessful_file_modification_creat
+
+ # RHEL-08-030480
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fchown
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-030490
+ - audit_rules_dac_modification_chmod
2021-11-17 13:33:00 +00:00
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchmod
+
+ # RHEL-08-030550
+ - audit_rules_privileged_commands_sudo
+
+ # RHEL-08-030560
+ - audit_rules_privileged_commands_usermod
+
+ # RHEL-08-030570
+ - audit_rules_execution_chacl
+
+ # RHEL-08-030580
+ - audit_rules_privileged_commands_kmod
+
+ # RHEL-08-030590
2023-10-30 15:13:07 +00:00
+ - audit_rules_login_events_faillock
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030600
+ - audit_rules_login_events_lastlog
+
+ # RHEL-08-030601
+ - grub2_audit_argument
+
+ # RHEL-08-030602
+ - grub2_audit_backlog_limit_argument
+
+ # RHEL-08-030603
+ - configure_usbguard_auditbackend
+
+ # RHEL-08-030610
+ - file_permissions_etc_audit_auditd
+ - file_permissions_etc_audit_rulesd
+
+ # RHEL-08-030620
2023-02-21 13:38:18 +00:00
+ - file_audit_tools_permissions
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030630
2023-02-21 13:38:18 +00:00
+ - file_audit_tools_ownership
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030640
2023-02-21 13:38:18 +00:00
+ - file_audit_tools_group_ownership
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030650
+ - aide_check_audit_tools
+
+ # RHEL-08-030660
+ - auditd_audispd_configure_sufficiently_large_partition
+
+ # RHEL-08-030670
+ - package_rsyslog_installed
+
+ # RHEL-08-030680
+ - package_rsyslog-gnutls_installed
+
+ # RHEL-08-030690
+ - rsyslog_remote_loghost
+
+ # RHEL-08-030700
+ - auditd_overflow_action
+
+ # RHEL-08-030710
+ - rsyslog_encrypt_offload_defaultnetstreamdriver
+ - rsyslog_encrypt_offload_actionsendstreamdrivermode
+
+ # RHEL-08-030720
+ - rsyslog_encrypt_offload_actionsendstreamdriverauthmode
+
+ # RHEL-08-030730
+ - auditd_data_retention_space_left_percentage
+
+ # RHEL-08-030731
+ - auditd_data_retention_space_left_action
+
+ # RHEL-08-030740
+ # remediation fails because default configuration file contains pool instead of server keyword
+ - chronyd_or_ntpd_set_maxpoll
2022-06-29 08:41:07 +00:00
+ - chronyd_server_directive
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-030741
+ - chronyd_client_only
+
+ # RHEL-08-030742
+ - chronyd_no_chronyc_network
+
+ # RHEL-08-040000
+ - package_telnet-server_removed
+
+ # RHEL-08-040001
+ - package_abrt_removed
+ - package_abrt-addon-ccpp_removed
+ - package_abrt-addon-kerneloops_removed
2022-06-29 08:41:07 +00:00
+ - package_python3-abrt-addon_removed
2021-11-17 13:33:00 +00:00
+ - package_abrt-cli_removed
+ - package_abrt-plugin-sosreport_removed
2023-02-21 13:38:18 +00:00
+ - package_libreport-plugin-rhtsupport_removed
+ - package_libreport-plugin-logger_removed
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040002
+ - package_sendmail_removed
+
+ # RHEL-08-040003
+ ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370
+
+ # RHEL-08-040004
+ - grub2_pti_argument
+
+ # RHEL-08-040010
+ - package_rsh-server_removed
+
+ # RHEL-08-040020
2024-03-04 15:52:37 +00:00
+ - kernel_module_uvcvideo_disabled
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040021
+ - kernel_module_atm_disabled
+
+ # RHEL-08-040022
+ - kernel_module_can_disabled
+
+ # RHEL-08-040023
+ - kernel_module_sctp_disabled
+
+ # RHEL-08-040024
+ - kernel_module_tipc_disabled
+
+ # RHEL-08-040025
+ - kernel_module_cramfs_disabled
+
+ # RHEL-08-040026
+ - kernel_module_firewire-core_disabled
+
+ # RHEL-08-040030
+ - configure_firewalld_ports
+
+ # RHEL-08-040060
2023-10-30 15:13:07 +00:00
+ ### NOTE: Removed in V1R2
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040070
+ - service_autofs_disabled
+
+ # RHEL-08-040080
+ - kernel_module_usb-storage_disabled
+
+ # RHEL-08-040090
2024-03-04 15:52:37 +00:00
+ - configured_firewalld_default_deny
+ - set_firewalld_default_zone
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040100
+ - package_firewalld_installed
+
+ # RHEL-08-040101
+ - service_firewalld_enabled
+
+ # RHEL-08-040110
+ - wireless_disable_interfaces
+
+ # RHEL-08-040111
+ - kernel_module_bluetooth_disabled
+
+ # RHEL-08-040120
+ - mount_option_dev_shm_nodev
+
+ # RHEL-08-040121
+ - mount_option_dev_shm_nosuid
+
+ # RHEL-08-040122
+ - mount_option_dev_shm_noexec
+
+ # RHEL-08-040123
+ - mount_option_tmp_nodev
+
+ # RHEL-08-040124
+ - mount_option_tmp_nosuid
+
+ # RHEL-08-040125
+ - mount_option_tmp_noexec
+
+ # RHEL-08-040126
+ - mount_option_var_log_nodev
+
+ # RHEL-08-040127
+ - mount_option_var_log_nosuid
+
+ # RHEL-08-040128
+ - mount_option_var_log_noexec
+
+ # RHEL-08-040129
+ - mount_option_var_log_audit_nodev
+
+ # RHEL-08-040130
+ - mount_option_var_log_audit_nosuid
+
+ # RHEL-08-040131
+ - mount_option_var_log_audit_noexec
+
+ # RHEL-08-040132
+ - mount_option_var_tmp_nodev
+
+ # RHEL-08-040133
+ - mount_option_var_tmp_nosuid
+
+ # RHEL-08-040134
+ - mount_option_var_tmp_noexec
+
+ # RHEL-08-040135
+ - package_fapolicyd_installed
+
+ # RHEL-08-040136
+ - service_fapolicyd_enabled
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-040137
+ - fapolicy_default_deny
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-040139
+ - package_usbguard_installed
+
+ # RHEL-08-040140
+ - usbguard_generate_policy
+
+ # RHEL-08-040141
+ - service_usbguard_enabled
+
+ # RHEL-08-040150
2024-03-04 15:52:37 +00:00
+ - firewalld-backend
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040159
+ - package_openssh-server_installed
+
+ # RHEL-08-040160
+ - service_sshd_enabled
+
+ # RHEL-08-040161
+ - sshd_rekey_limit
+
+ # RHEL-08-040170
+ - disable_ctrlaltdel_reboot
+
+ # RHEL-08-040171
+ - dconf_gnome_disable_ctrlaltdel_reboot
+
+ # RHEL-08-040172
+ - disable_ctrlaltdel_burstaction
+
+ # RHEL-08-040180
+ - service_debug-shell_disabled
+
+ # RHEL-08-040190
+ - package_tftp-server_removed
+
+ # RHEL-08-040200
+ - accounts_no_uid_except_zero
+
+ # RHEL-08-040209
+ - sysctl_net_ipv4_conf_default_accept_redirects
+
+ # RHEL-08-040210
+ - sysctl_net_ipv6_conf_default_accept_redirects
+
+ # RHEL-08-040220
+ - sysctl_net_ipv4_conf_all_send_redirects
+
+ # RHEL-08-040230
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+
+ # RHEL-08-040239
+ - sysctl_net_ipv4_conf_all_accept_source_route
+
+ # RHEL-08-040240
+ - sysctl_net_ipv6_conf_all_accept_source_route
+
+ # RHEL-08-040249
+ - sysctl_net_ipv4_conf_default_accept_source_route
+
+ # RHEL-08-040250
+ - sysctl_net_ipv6_conf_default_accept_source_route
+
2023-02-21 13:38:18 +00:00
+ # RHEL-08-040259
+ - sysctl_net_ipv4_conf_all_forwarding
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-040260
2023-02-21 13:38:18 +00:00
+ - sysctl_net_ipv6_conf_all_forwarding
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040261
+ - sysctl_net_ipv6_conf_all_accept_ra
+
+ # RHEL-08-040262
+ - sysctl_net_ipv6_conf_default_accept_ra
+
+ # RHEL-08-040270
+ - sysctl_net_ipv4_conf_default_send_redirects
+
+ # RHEL-08-040279
+ - sysctl_net_ipv4_conf_all_accept_redirects
+
+ # RHEL-08-040280
+ - sysctl_net_ipv6_conf_all_accept_redirects
+
+ # RHEL-08-040281
+ - sysctl_kernel_unprivileged_bpf_disabled
+
+ # RHEL-08-040282
+ - sysctl_kernel_yama_ptrace_scope
+
+ # RHEL-08-040283
+ - sysctl_kernel_kptr_restrict
+
+ # RHEL-08-040284
+ - sysctl_user_max_user_namespaces
+
+ # RHEL-08-040285
+ - sysctl_net_ipv4_conf_all_rp_filter
+
+ # RHEL-08-040286
+ - sysctl_net_core_bpf_jit_harden
+
+ # RHEL-08-040290
2022-06-29 08:41:07 +00:00
+ - postfix_prevent_unrestricted_relay
2021-11-17 13:33:00 +00:00
+
+ # RHEL-08-040300
+ - aide_verify_ext_attributes
+
+ # RHEL-08-040310
+ - aide_verify_acls
+
+ # RHEL-08-040320
+ - xwindows_remove_packages
+
2022-06-29 08:41:07 +00:00
+ # RHEL-08-040321
+ - xwindows_runlevel_target
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-040330
+ - network_sniffer_disabled
+
+ # RHEL-08-040340
+ - sshd_disable_x11_forwarding
+
+ # RHEL-08-040341
+ - sshd_x11_use_localhost
+
2023-10-30 15:13:07 +00:00
+ # RHEL-08-040342
+ - sshd_use_approved_kex_ordered_stig
+
2021-11-17 13:33:00 +00:00
+ # RHEL-08-040350
+ - tftpd_uses_secure_mode
+
+ # RHEL-08-040360
+ - package_vsftpd_removed
+
+ # RHEL-08-040370
+ - package_gssproxy_removed
+
+ # RHEL-08-040380
+ - package_iprutils_removed
+
+ # RHEL-08-040390
+ - package_tuned_removed
2023-02-21 13:38:18 +00:00
+
+ # RHEL-08-040400
+ - selinux_user_login_roles
+
+ # RHEL-08-010163
+ - package_krb5-server_removed
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/profiles/stig_gui.profile b/products/almalinux8/profiles/stig_gui.profile
2021-09-15 11:41:44 +00:00
new file mode 100644
2024-03-04 15:52:37 +00:00
index 000000000..7bc5761ae
2021-09-15 11:41:44 +00:00
--- /dev/null
2021-11-17 13:33:00 +00:00
+++ b/products/almalinux8/profiles/stig_gui.profile
2024-03-04 15:52:37 +00:00
@@ -0,0 +1,43 @@
2021-11-17 13:33:00 +00:00
+documentation_complete: true
2021-09-15 11:41:44 +00:00
+
2021-11-17 13:33:00 +00:00
+metadata:
2024-03-04 15:52:37 +00:00
+ version: V1R13
2021-11-17 13:33:00 +00:00
+ SMEs:
2022-06-29 08:41:07 +00:00
+ - mab879
2021-11-17 13:33:00 +00:00
+ - ggbecker
2021-09-15 11:41:44 +00:00
+
2021-11-17 13:33:00 +00:00
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
2021-09-15 11:41:44 +00:00
+
2022-06-29 08:41:07 +00:00
+title: 'DISA STIG with GUI for Red Hat Enterprise Linux 8'
2021-11-17 13:33:00 +00:00
+
+description: |-
+ This profile contains configuration checks that align to the
2024-03-04 15:52:37 +00:00
+ DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R13.
+
+ In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
+ configuration baseline as applicable to the operating system tier of
+ Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
+
+ - Red Hat Enterprise Linux Server
+ - Red Hat Enterprise Linux Workstation and Desktop
+ - Red Hat Enterprise Linux for HPC
+ - Red Hat Storage
+ - Red Hat Containers with a Red Hat Enterprise Linux 8 image
2021-11-17 13:33:00 +00:00
+
+ Warning: The installation and use of a Graphical User Interface (GUI)
+ increases your attack vector and decreases your overall security posture. If
+ your Information Systems Security Officer (ISSO) lacks a documented operational
+ requirement for a graphical user interface, please consider using the
2022-06-29 08:41:07 +00:00
+ standard DISA STIG for Red Hat Enterprise Linux 8 profile.
2021-11-17 13:33:00 +00:00
+
+extends: stig
+
+selections:
+ # RHEL-08-040320
+ - '!xwindows_remove_packages'
2022-06-29 08:41:07 +00:00
+
+ # RHEL-08-040321
+ - '!xwindows_runlevel_target'
2023-02-21 13:38:18 +00:00
+
+ # RHEL-08-040001
+ - '!package_libreport-plugin-rhtsupport_removed'
2021-11-17 13:33:00 +00:00
diff --git a/products/almalinux8/transforms/constants.xslt b/products/almalinux8/transforms/constants.xslt
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..92f8f9c4c
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/transforms/constants.xslt
2022-06-29 08:41:07 +00:00
@@ -0,0 +1,13 @@
2021-11-17 13:33:00 +00:00
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
2021-09-15 11:41:44 +00:00
+
2021-11-17 13:33:00 +00:00
+<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
2021-09-15 11:41:44 +00:00
+
2021-11-17 13:33:00 +00:00
+<xsl:variable name="product_long_name">AlmaLinux 8</xsl:variable>
+<xsl:variable name="product_short_name">AL8</xsl:variable>
+<xsl:variable name="product_stig_id_name">AL_8_STIG</xsl:variable>
+<xsl:variable name="prod_type">almalinux8</xsl:variable>
2021-09-15 11:41:44 +00:00
+
2022-06-29 08:41:07 +00:00
+<xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/almalinuxos_linux/</xsl:variable>
2021-11-17 13:33:00 +00:00
+<xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
2021-09-15 11:41:44 +00:00
+
2021-11-17 13:33:00 +00:00
+</xsl:stylesheet>
diff --git a/products/almalinux8/transforms/table-style.xslt b/products/almalinux8/transforms/table-style.xslt
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..8b6caeab8
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/transforms/table-style.xslt
@@ -0,0 +1,5 @@
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+<xsl:import href="../../../shared/transforms/shared_table-style.xslt"/>
+
+</xsl:stylesheet>
diff --git a/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..4789419b8
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
+
+<xsl:include href="../../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/>
+<xsl:include href="constants.xslt"/>
+<xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" />
+
+</xsl:stylesheet>
diff --git a/products/almalinux8/transforms/xccdf2table-cce.xslt b/products/almalinux8/transforms/xccdf2table-cce.xslt
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..f156a6695
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-cce.xslt
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
+
+<xsl:import href="../../../shared/transforms/shared_xccdf2table-cce.xslt"/>
+
+<xsl:include href="constants.xslt"/>
+<xsl:include href="table-style.xslt"/>
+
+</xsl:stylesheet>
diff --git a/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..30419e92b
2021-11-17 13:33:00 +00:00
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+
+<xsl:import href="../../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/>
+
+<xsl:include href="constants.xslt"/>
+<xsl:include href="table-style.xslt"/>
+
+</xsl:stylesheet>
2021-09-15 11:41:44 +00:00
diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml
new file mode 100644
2023-02-21 13:38:18 +00:00
index 000000000..91af880dd
2021-09-15 11:41:44 +00:00
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_almalinux8.xml
@@ -0,0 +1,36 @@
+<def-group>
+ <definition class="inventory"
+ id="installed_OS_is_almalinux8" version="1">
+ <metadata>
+ <title>AlmaLinux 8</title>
+ <affected family="unix">
+ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:almalinux:almalinux:8"
+ source="CPE" />
+
+ <description>The operating system installed on the system is
+ AlmaLinux 8</description>
+ </metadata>
+ <criteria>
+ <extend_definition comment="Installed OS is part of the Unix family"
+ definition_ref="installed_OS_is_part_of_Unix_family" />
+ <criteria operator="OR">
+ <criterion comment="AlmaLinux 8 System is installed"
+ test_ref="test_almalinux8_system" />
+ </criteria>
+ </criteria>
+ </definition>
+
+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="almalinux-release is version 8" id="test_almalinux8_system" version="1">
+ <linux:object object_ref="obj_almalinux8_system" />
+ <linux:state state_ref="state_almalinux8_system" />
+ </linux:rpminfo_test>
+ <linux:rpminfo_state id="state_almalinux8_system" version="1">
+ <linux:version operation="pattern match">^8.*$</linux:version>
+ </linux:rpminfo_state>
+ <linux:rpminfo_object id="obj_almalinux8_system" version="1">
+ <linux:name>almalinux-release</linux:name>
+ </linux:rpminfo_object>
+
+</def-group>
diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
2024-03-04 15:52:37 +00:00
index e5cf1ffba..29e76b97e 100644
2021-09-15 11:41:44 +00:00
--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
2024-03-04 15:52:37 +00:00
@@ -14,6 +14,7 @@
2021-09-15 11:41:44 +00:00
<platform>multi_platform_ol</platform>
<platform>multi_platform_rhcos</platform>
<platform>multi_platform_rhel</platform>
2022-06-29 08:41:07 +00:00
+<platform>multi_platform_almalinux</platform>
2021-09-15 11:41:44 +00:00
<platform>multi_platform_rhv</platform>
<platform>multi_platform_sle</platform>
2023-02-21 13:38:18 +00:00
<platform>multi_platform_ubuntu</platform>
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-almalinux8-v1r12-xccdf-scap.xml b/shared/references/disa-stig-almalinux8-v1r12-xccdf-scap.xml
2022-06-29 08:41:07 +00:00
new file mode 120000
2024-03-04 15:52:37 +00:00
index 000000000..8b175b211
2022-06-29 08:41:07 +00:00
--- /dev/null
2024-03-04 15:52:37 +00:00
+++ b/shared/references/disa-stig-almalinux8-v1r12-xccdf-scap.xml
2022-06-29 08:41:07 +00:00
@@ -0,0 +1 @@
2024-03-04 15:52:37 +00:00
+disa-stig-rhel8-v1r12-xccdf-scap.xml
2022-06-29 08:41:07 +00:00
\ No newline at end of file
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-almalinux8-v1r13-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v1r13-xccdf-manual.xml
2021-11-17 13:33:00 +00:00
new file mode 120000
2024-03-04 15:52:37 +00:00
index 000000000..7e3fb4c84
2021-11-17 13:33:00 +00:00
--- /dev/null
2024-03-04 15:52:37 +00:00
+++ b/shared/references/disa-stig-almalinux8-v1r13-xccdf-manual.xml
2021-11-17 13:33:00 +00:00
@@ -0,0 +1 @@
2024-03-04 15:52:37 +00:00
+disa-stig-rhel8-v1r13-xccdf-manual.xml
2021-11-17 13:33:00 +00:00
\ No newline at end of file
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml
index 1d087be21..306818938 100644
--- a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml
+++ b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml
@@ -934,7 +934,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
2023-02-21 13:38:18 +00:00
$ sudo grep -iw grub2_password /boot/grub2/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-221702"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-221702r744074_rule" weight="10.0" severity="high"><version>OL07-00-010491</version><title>Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Oracle Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Oracle Linux 7</dc:subject><dc:identifier>4089</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-99143</ident><ident system="http://cyber.mil/legacy">SV-108247</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-23406r744073_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-221702"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-221702r744074_rule" weight="10.0" severity="high"><version>OL07-00-010491</version><title>Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Oracle Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Oracle Linux 7</dc:subject><dc:identifier>4089</dc:identifier></reference><ident system="http://cyber.mil/legacy">V-99143</ident><ident system="http://cyber.mil/legacy">SV-108247</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-23406r744073_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
2022-06-29 08:41:07 +00:00
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -946,7 +946,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not
2022-06-29 08:41:07 +00:00
Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
2023-02-21 13:38:18 +00:00
If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-221703"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-221703r818811_rule" weight="10.0" severity="medium"><version>OL07-00-010500</version><title>The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.</title><description>&lt;VulnDiscussion&gt;To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
2024-03-04 15:52:37 +00:00
@@ -1838,7 +1838,7 @@ On BIOS-based machines, use the following command:
2022-06-29 08:41:07 +00:00
On UEFI-based machines, use the following command:
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
2024-03-04 15:52:37 +00:00
@@ -1869,7 +1869,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
2022-06-29 08:41:07 +00:00
If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
# grep fips /boot/grub2/grub.cfg
/vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
2024-03-04 15:52:37 +00:00
@@ -1941,23 +1941,23 @@ An example rule that includes the "sha512" rule follows:
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.</check-content></check></Rule></Group><Group id="V-221762"><title>SRG-OS-000364-GPOS-00151</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-221762r928542_rule" weight="10.0" severity="medium"><version>OL07-00-021700</version><title>The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.</title><description>&lt;VulnDiscussion&gt;Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Oracle Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Oracle Linux 7</dc:subject><dc:identifier>4089</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-108367</ident><ident system="http://cyber.mil/legacy">V-99263</ident><ident system="http://cyber.mil/cci">CCI-001813</ident><fixtext fixref="F-23466r419359_fix">Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.</fixtext><fix id="F-23466r419359_fix" /><check system="C-23477r928541_chk"><check-content-ref href="Oracle_Linux_7_STIG.xml" name="M" /><check-content>Verify the system is not configured to use a boot loader on removable media.
2022-06-29 08:41:07 +00:00
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
Check for the existence of alternate boot loader configuration files with the following command:
2024-03-04 15:52:37 +00:00
# find / -name grub.cfg
- /boot/efi/EFI/redhat/grub.cfg
+ /boot/efi/EFI/almalinux/grub.cfg
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader.
+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems):
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
- # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg
+ # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg
4
Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored):
- # grep 'set root' /boot/efi/EFI/redhat/grub.cfg
+ # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg
set root='hd0,gpt2'
set root='hd0,gpt2'
set root='hd0,gpt2'
@@ -4481,12 +4481,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
Generate a new grub.cfg file with the following command:
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47788r833026_fix" /><check system="C-47831r792808_chk"><check-content-ref href="Oracle_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</fixtext><fix id="F-47788r833026_fix" /><check system="C-47831r792808_chk"><check-content-ref href="Oracle_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
2022-06-29 08:41:07 +00:00
For systems that are running a version of Oracle Linux prior to 7.2, this is Not Applicable.
Verify that a unique name is set as the "superusers" account:
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
set superusers="[someuniquestringhere]"
export superusers
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-ol8-v1r9-xccdf-manual.xml b/shared/references/disa-stig-ol8-v1r9-xccdf-manual.xml
index 750f80b02..934912a5e 100644
--- a/shared/references/disa-stig-ol8-v1r9-xccdf-manual.xml
+++ b/shared/references/disa-stig-ol8-v1r9-xccdf-manual.xml
@@ -434,7 +434,7 @@ SHA_CRYPT_MIN_ROUNDS 5000</fixtext><fix id="F-51923r818600_fix" /><check system=
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-248537"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-248537r779177_rule" weight="10.0" severity="high"><version>OL08-00-010140</version><title>OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Oracle Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Oracle Linux 8</dc:subject><dc:identifier>5416</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-51925r779176_fix">Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file.
+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-248537"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-248537r779177_rule" weight="10.0" severity="high"><version>OL08-00-010140</version><title>OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Oracle Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Oracle Linux 8</dc:subject><dc:identifier>5416</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-51925r779176_fix">Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file.
2022-06-29 08:41:07 +00:00
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -444,7 +444,7 @@ Confirm password:</fixtext><fix id="F-51925r779176_fix" /><check system="C-51971
2022-06-29 08:41:07 +00:00
Determine if an encrypted password is set for the grub superusers account. On systems that use UEFI, use the following command:
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
2024-03-04 15:52:37 +00:00
@@ -459,11 +459,11 @@ password_pbkdf2 [someuniqueUserNamehere] ${GRUB2_PASSWORD}
2022-06-29 08:41:07 +00:00
Generate a new grub.cfg file with the following command:
2023-02-21 13:38:18 +00:00
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-51926r779179_fix" /><check system="C-51972r818602_chk"><check-content-ref href="Oracle_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</fixtext><fix id="F-51926r779179_fix" /><check system="C-51972r818602_chk"><check-content-ref href="Oracle_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
2022-06-29 08:41:07 +00:00
Verify that a unique name is set as the "superusers" account:
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
set superusers="[someuniqueUserNamehere]"
export superusers
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-rhel7-v3r14-xccdf-manual.xml b/shared/references/disa-stig-rhel7-v3r14-xccdf-manual.xml
index 77da6ecf9..ba6bdc8d9 100644
--- a/shared/references/disa-stig-rhel7-v3r14-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel7-v3r14-xccdf-manual.xml
@@ -907,7 +907,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
2022-06-29 08:41:07 +00:00
$ sudo grep -iw grub2_password /boot/grub2/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-204440"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-204440r744098_rule" weight="10.0" severity="high"><version>RHEL-07-010491</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-95719</ident><ident system="http://cyber.mil/legacy">V-81007</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-204440"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-204440r744098_rule" weight="10.0" severity="high"><version>RHEL-07-010491</version><title>Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-95719</ident><ident system="http://cyber.mil/legacy">V-81007</ident><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -919,7 +919,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica
2022-06-29 08:41:07 +00:00
Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
2023-02-21 13:38:18 +00:00
If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.</check-content></check></Rule></Group><Group id="V-204441"><title>SRG-OS-000104-GPOS-00051</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-204441r818813_rule" weight="10.0" severity="medium"><version>RHEL-07-010500</version><title>The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.</title><description>&lt;VulnDiscussion&gt;To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
2024-03-04 15:52:37 +00:00
@@ -1847,7 +1847,7 @@ On BIOS-based machines, use the following command:
2022-06-29 08:41:07 +00:00
On UEFI-based machines, use the following command:
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
2024-03-04 15:52:37 +00:00
@@ -1878,7 +1878,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
2022-06-29 08:41:07 +00:00
If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
# grep fips /boot/grub2/grub.cfg
/vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
2024-03-04 15:52:37 +00:00
@@ -1951,23 +1951,23 @@ An example rule that includes the "sha512" rule follows:
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.</check-content></check></Rule></Group><Group id="V-204501"><title>SRG-OS-000364-GPOS-00151</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-204501r928576_rule" weight="10.0" severity="medium"><version>RHEL-07-021700</version><title>The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.</title><description>&lt;VulnDiscussion&gt;Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 7</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 7</dc:subject><dc:identifier>2899</dc:identifier></reference><ident system="http://cyber.mil/legacy">SV-86699</ident><ident system="http://cyber.mil/legacy">V-72075</ident><ident system="http://cyber.mil/cci">CCI-000318</ident><ident system="http://cyber.mil/cci">CCI-000368</ident><ident system="http://cyber.mil/cci">CCI-001812</ident><ident system="http://cyber.mil/cci">CCI-001813</ident><ident system="http://cyber.mil/cci">CCI-001814</ident><fixtext fixref="F-4625r88696_fix">Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.</fixtext><fix id="F-4625r88696_fix" /><check system="C-4625r928575_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>Verify the system is not configured to use a boot loader on removable media.
2022-06-29 08:41:07 +00:00
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
Check for the existence of alternate boot loader configuration files with the following command:
2024-03-04 15:52:37 +00:00
# find / -name grub.cfg
- /boot/efi/EFI/redhat/grub.cfg
+ /boot/efi/EFI/almalinux/grub.cfg
-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the ISSO to approve the use of removable media as a boot loader.
+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the ISSO to approve the use of removable media as a boot loader.
List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems):
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
- # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg
+ # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg
4
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored):
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
- # grep 'set root' /boot/efi/EFI/redhat/grub.cfg
+ # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg
set root='hd0,gpt2'
set root='hd0,gpt2'
set root='hd0,gpt2'
@@ -4457,13 +4457,13 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
Generate a new grub.cfg file with the following command:
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47790r833186_fix" /><check system="C-47833r792839_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</fixtext><fix id="F-47790r833186_fix" /><check system="C-47833r792839_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_7_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
For systems that are running a version of RHEL prior to 7.2, this is Not Applicable.
2022-06-29 08:41:07 +00:00
Verify that a unique name is set as the "superusers" account:
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
set superusers="[someuniquestringhere]"
export superusers
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml
index 2417b5813..cad9967ce 100644
--- a/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml
@@ -3133,7 +3133,7 @@ Confirm password:</xccdf:fixtext>
2022-06-29 08:41:07 +00:00
<xccdf:ident system="http://cyber.mil/legacy">SV-95719</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">V-81007</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -3942,7 +3942,7 @@ On BIOS-based machines, use the following command:
2022-06-29 08:41:07 +00:00
On UEFI-based machines, use the following command:
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
2024-03-04 15:52:37 +00:00
@@ -7619,7 +7619,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package openssh-server Removed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
2024-03-04 15:52:37 +00:00
@@ -8231,7 +8232,8 @@ Operating systems need to track periods of inactivity and disable application id
2022-06-29 08:41:07 +00:00
<metadata>
<title>Limit Password Reuse</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<description>The passwords to remember should be set correctly.</description>
2024-03-04 15:52:37 +00:00
@@ -8247,7 +8249,8 @@ Operating systems need to track periods of inactivity and disable application id
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
2024-03-04 15:52:37 +00:00
@@ -8304,7 +8307,8 @@ Terminating network connections associated with communications sessions includes
2022-06-29 08:41:07 +00:00
<metadata>
2023-02-21 13:38:18 +00:00
<title>RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
2023-02-21 13:38:18 +00:00
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -8360,7 +8364,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
2023-02-21 13:38:18 +00:00
<title>RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27364-9" />
2023-02-21 13:38:18 +00:00
<reference ref_id="audit_rules_dac_modification_chown" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -8406,7 +8411,8 @@ When a user logs on, the auid is set to the uid of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
2023-02-21 13:38:18 +00:00
<title>RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27213-8" />
<reference ref_id="audit_rules_dac_modification_setxattr" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9503,7 +9509,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Disable Host-Based Authentication</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>SSH host-based authentication should be disabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27413-4" />
2024-03-04 15:52:37 +00:00
@@ -9614,7 +9621,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Mount Remote Filesystems with nosuid</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80240-5" />
<reference ref_id="mount_option_nosuid_remote_filesystems" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9644,7 +9652,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package net-snmp Removed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package net-snmp should be removed.</description>
<reference ref_id="package_net-snmp_removed" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9671,7 +9680,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package telnet-server Removed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package telnet-server should be removed.</description>
<reference ref_id="package_telnet-server_removed" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9699,7 +9709,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package vsftpd Removed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package vsftpd should be removed.</description>
<reference ref_id="package_vsftpd_removed" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9712,7 +9723,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package xorg-x11-server-common Removed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27218-7" />
2024-03-04 15:52:37 +00:00
@@ -9741,7 +9753,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Ensure /home Located On Separate Partition</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>If user home directories will be stored locally, create a
separate partition for /home. If /home will be mounted from another
2024-03-04 15:52:37 +00:00
@@ -9759,7 +9772,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Ensure /var Located On Separate Partition</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26404-4" />
<reference ref_id="partition_for_var" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9777,7 +9791,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Ensure /var/log/audit Located On Separate Partition</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26971-2" />
<reference ref_id="partition_for_var_log_audit" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9796,7 +9811,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<title>Verify File Hashes with RPM</title>
<affected family="unix">
<platform>multi_platform_fedora</platform>
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Verify the RPM digests of system binaries using the RPM database.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27157-7" />
2024-03-04 15:52:37 +00:00
@@ -9853,7 +9869,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Ensure Only Protocol 2 Connections Allowed</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_debian</platform>
<platform>multi_platform_ubuntu</platform>
</affected>
2024-03-04 15:52:37 +00:00
@@ -9889,7 +9906,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>Disable .rhosts Files</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27377-1" />
<reference ref_id="sshd_disable_rhosts" source="ssg" />
2024-03-04 15:52:37 +00:00
@@ -9954,7 +9972,8 @@ This should be disabled.</description>
2022-06-29 08:41:07 +00:00
<metadata>
<title>Do Not Allow Users to Set Environment Options</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>PermitUserEnvironment should be disabled</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27363-1" />
2024-03-04 15:52:37 +00:00
@@ -10286,7 +10305,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w
2022-06-29 08:41:07 +00:00
<metadata>
<title>Package openssh-server is version 7.4 or higher</title>
<affected family="unix">
- <platform>multi_platform_rhel</platform>
+ <platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
2024-03-04 15:52:37 +00:00
@@ -10510,12 +10530,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
2022-06-29 08:41:07 +00:00
<description>The UEFI grub2 boot loader should have password protection enabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80354-4" />
</metadata>
- <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/redhat/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
+ <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/almalinux/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
<criterion comment="Running RHEL 7.0 or 7.1?" test_ref="oval:mil.disa.stig.rhel7:tst:8658500" />
- <criterion comment="Pass if /boot/efi/EFI/redhat/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
+ <criterion comment="Pass if /boot/efi/EFI/almalinux/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
<criteria operator="AND">
- <criterion comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
- <criterion comment="make sure a superuser is defined in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
+ <criterion comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
+ <criterion comment="make sure a superuser is defined in /boot/efi/EFI/almalinux/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
</criteria>
</criteria>
</definition>
2024-03-04 15:52:37 +00:00
@@ -11729,7 +11749,7 @@ This requirement addresses concurrent sessions for information system accounts a
2022-06-29 08:41:07 +00:00
<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/grub2/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:909" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2710" />
</file_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/redhat/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/almalinux/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2713" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="GUI banner is enabled" id="oval:mil.disa.stig.rhel7:tst:925" version="1">
2024-03-04 15:52:37 +00:00
@@ -12184,10 +12204,10 @@ This requirement addresses concurrent sessions for information system accounts a
2022-06-29 08:41:07 +00:00
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/grub2/grub.cfg files." id="oval:mil.disa.stig.rhel7:tst:9571701" version="2">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571701" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571900" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/redhat/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/almalinux/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571901" />
</textfilecontent54_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="/etc/audisp/plugins.d/au-remote.conf active = yes" id="oval:mil.disa.stig.rhel7:tst:9572700" version="2">
2024-03-04 15:52:37 +00:00
@@ -13837,7 +13857,7 @@ This requirement addresses concurrent sessions for information system accounts a
2022-06-29 08:41:07 +00:00
<filepath>/boot/grub2/grub.cfg</filepath>
</file_object>
<file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.rhel7:obj:2713" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:2720" version="6">
<behaviors multiline="true" max_depth="1" recurse_direction="down" />
2024-03-04 15:52:37 +00:00
@@ -14554,12 +14574,12 @@ This requirement addresses concurrent sessions for information system accounts a
2022-06-29 08:41:07 +00:00
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571900" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571901" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^[\s]*set[\s]+superusers=\"\S+\"$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
2024-03-04 15:52:37 +00:00
@@ -15096,7 +15116,7 @@ This requirement addresses concurrent sessions for information system accounts a
<variables>
<constant_variable datatype="string" id="oval:mil.disa.stig.defs:var:20449700" comment="grub.cfg locations" version="2">
<value>/boot/grub2/grub.cfg</value>
- <value>/boot/efi/EFI/redhat/grub.cfg</value>
+ <value>/boot/efi/EFI/almalinux/grub.cfg</value>
</constant_variable>
<local_variable id="oval:mil.disa.stig.defs:var:23036700" version="1" datatype="string" comment="Pattern to match lines starting with usernames of system users">
<concat>
@@ -15129,7 +15149,7 @@ This requirement addresses concurrent sessions for information system accounts a
2023-02-21 13:38:18 +00:00
<external_variable comment="Value of var_accounts_user_umask (the required umask) as string" datatype="string" id="oval:mil.disa.stig.rhel7:var:4211" version="1" />
2022-06-29 08:41:07 +00:00
<constant_variable datatype="string" id="oval:mil.disa.stig.rhel7:var:12600" comment="grub.cfg locations" version="2">
<value>/boot/grub2/grub.cfg</value>
- <value>/boot/efi/EFI/redhat/grub.cfg</value>
+ <value>/boot/efi/EFI/almalinux/grub.cfg</value>
</constant_variable>
2023-02-21 13:38:18 +00:00
<constant_variable datatype="string" comment="other sysctl configuration file locations" id="oval:mil.disa.stig.rhel7:var:14400" version="1">
<value>/etc/sysctl.d</value>
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml
index cf7ead7c0..860287958 100644
--- a/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml
@@ -2579,7 +2579,7 @@ SHA_CRYPT_MIN_ROUNDS 5000</xccdf:fixtext>
2022-06-29 08:41:07 +00:00
<dc:identifier>2921</dc:identifier>
</xccdf:reference>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -10257,7 +10257,8 @@ Note: To preserve running user programs such as tmux, uncomment and/or edit "Kil
2023-10-30 15:13:07 +00:00
<metadata>
<title>The system is RHEL 8.3 or lower</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description />
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10269,7 +10270,8 @@ Note: To preserve running user programs such as tmux, uncomment and/or edit "Kil
2023-02-21 13:38:18 +00:00
<metadata>
<title>The RHEL 8 version is RHEL 8.2 or newer.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>External definition used to determine if the RHEL 8 version is RHEL 8.2 or newer for version applicability based requirements.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10282,7 +10284,8 @@ Note: To preserve running user programs such as tmux, uncomment and/or edit "Kil
2022-06-29 08:41:07 +00:00
<metadata>
<title>IPv6 is disabled in the kernel.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>IPv6 is disabled in the kernel, either via a kernel cmdline option or sysctl.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10298,7 +10301,8 @@ Note: To preserve running user programs such as tmux, uncomment and/or edit "Kil
2022-06-29 08:41:07 +00:00
<metadata>
<title>OpenSSH is installed.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>OpenSSH is installed</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10310,7 +10314,8 @@ Note: To preserve running user programs such as tmux, uncomment and/or edit "Kil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010110 - RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
2024-03-04 15:52:37 +00:00
@@ -10326,7 +10331,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The system must use a strong hashing algorithm to store the password.
2024-03-04 15:52:37 +00:00
@@ -10340,7 +10346,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
2024-03-04 15:52:37 +00:00
@@ -10355,15 +10362,16 @@ Passwords need to be protected at all times, and encryption is the standard meth
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</description>
</metadata>
- <criteria operator="OR" comment="IF /boot/efi/EFI/redhat/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
+ <criteria operator="OR" comment="IF /boot/efi/EFI/almalinux/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
<criteria>
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
- <criterion comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
+ <criterion comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
</criteria>
</criteria>
</definition>
2024-03-04 15:52:37 +00:00
@@ -10371,7 +10379,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10387,7 +10396,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010160 - RHEL 8 operating systems must require authentication upon booting into rescue mode.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If the system does not require valid root authentication before it boots into rescue mode, anyone who invokes rescue mode is granted privileged access to all files on the system.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10399,7 +10409,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
2024-03-04 15:52:37 +00:00
@@ -10419,7 +10430,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
2024-03-04 15:52:37 +00:00
@@ -10439,7 +10451,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010171 - RHEL 8 must have the policycoreutils package installed.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
2024-03-04 15:52:37 +00:00
@@ -10453,7 +10466,8 @@ Policycoreutils contains the policy core utilities that are required for basic o
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10467,7 +10481,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10481,7 +10496,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10495,7 +10511,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010240 - The RHEL 8 /var/log directory must have mode 0755 or less permissive.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10509,7 +10526,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010250 - The RHEL 8 /var/log directory must be owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10523,7 +10541,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -10537,7 +10556,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems.
2024-03-04 15:52:37 +00:00
@@ -10553,7 +10573,8 @@ The SSH implementation in RHEL8 uses the OPENSSL library, which does not use hig
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
2024-03-04 15:52:37 +00:00
@@ -10581,7 +10602,8 @@ RHEL 8 incorporates system-wide crypto policies by default. The employed algori
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010310 - RHEL 8 system commands must be owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
2024-03-04 15:52:37 +00:00
@@ -10595,7 +10617,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
2024-03-04 15:52:37 +00:00
@@ -10609,7 +10632,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
2024-03-04 15:52:37 +00:00
@@ -10626,7 +10650,8 @@ Verifying the authenticity of the software prior to installation validates the i
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -10649,7 +10674,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010373 - RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
2024-03-04 15:52:37 +00:00
@@ -10673,7 +10699,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010374 - RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
2024-03-04 15:52:37 +00:00
@@ -10698,7 +10725,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
2024-03-04 15:52:37 +00:00
@@ -10724,7 +10752,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010376 - RHEL 8 must prevent kernel profiling by unprivileged users.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
2024-03-04 15:52:37 +00:00
@@ -10751,7 +10780,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
2024-03-04 15:52:37 +00:00
@@ -10766,7 +10796,8 @@ When operating systems provide the capability to escalate a functional capabilit
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
2024-03-04 15:52:37 +00:00
@@ -10781,7 +10812,8 @@ When operating systems provide the capability to escalate a functional capabilit
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Using an authentication device, such as a DoD Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, credentials stored on the authentication device will not be affected.
2024-03-04 15:52:37 +00:00
@@ -10801,7 +10833,8 @@ This requirement only applies to components where this is specific to the functi
2023-02-21 13:38:18 +00:00
<metadata>
<title>RHEL-08-010430 - RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
2024-03-04 15:52:37 +00:00
@@ -10824,7 +10857,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.</description>
</metadata>
@@ -10836,7 +10870,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "shosts.equiv" files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10848,7 +10883,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The ".shosts" files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10860,7 +10896,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010480 - The RHEL 8 SSH public host key files must have mode 0644 or less permissive.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If a public host key file is modified by an unauthorized user, the SSH service may be compromised.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10873,7 +10910,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2023-02-21 13:38:18 +00:00
<title>RHEL-08-010490 - The RHEL 8 SSH private host key files must have mode 0640 or less permissive.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If an unauthorized user obtains the private SSH host key file, the host could be impersonated.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10886,7 +10924,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10899,7 +10938,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known hosts authentication.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10912,7 +10952,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Configuring these settings for the SSH daemon provides additional assurance that remote logon via SSH will not use Kerberos authentication, even in the event of misconfiguration elsewhere.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10925,7 +10966,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10938,7 +10980,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10951,7 +10994,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging on directly as root. In addition, logging on with a user-specific account provides individual accountability of actions performed on the system.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -10964,7 +11008,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010560 - The auditd service must be running in RHEL 8.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
2024-03-04 15:52:37 +00:00
@@ -10979,7 +11024,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010561 - The rsyslog service must be running in RHEL 8.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
2024-03-04 15:52:37 +00:00
@@ -10994,12 +11040,13 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
<criteria operator="OR" comment="The system is UEFI or /boot is mounted and configured with the nosuid option">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
<criteria>
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16200" comment="/boot is mounted an configured with the nosuid option." />
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16201" comment="If /boot is configured in /etc/fstab it is with the nosuid option." />
2024-03-04 15:52:37 +00:00
@@ -11010,7 +11057,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. The only legitimate location for device files is the /dev directory located on the root partition.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11023,7 +11071,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010630 - RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS).</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "noexec" mount option causes the system not to execute binary files. This option must be used for mounting any file system not containing approved binary as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11036,7 +11085,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010640 - RHEL 8 must prevent special devices on file systems that are imported via Network File System (NFS).</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11049,7 +11099,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010650 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11062,7 +11113,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010671 - RHEL 8 must disable the kernel.core_pattern.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2024-03-04 15:52:37 +00:00
@@ -11083,7 +11135,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010673 - RHEL 8 must disable core dumps for all users.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2024-03-04 15:52:37 +00:00
@@ -11098,7 +11151,8 @@ A core dump includes a memory image taken at the time the operating system termi
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010674 - RHEL 8 must disable storing core dumps.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2024-03-04 15:52:37 +00:00
@@ -11112,7 +11166,8 @@ A core dump includes a memory image taken at the time the operating system termi
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010675 - RHEL 8 must disable core dump backtraces.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2024-03-04 15:52:37 +00:00
@@ -11126,7 +11181,8 @@ A core dump includes a memory image taken at the time the operating system termi
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010760 - All RHEL 8 local interactive user accounts must be assigned a home directory upon creation</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11138,7 +11194,8 @@ A core dump includes a memory image taken at the time the operating system termi
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>SSH environment options potentially allow users to bypass access restriction in some configurations.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11151,7 +11208,8 @@ A core dump includes a memory image taken at the time the operating system termi
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020010 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11175,7 +11233,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>In RHEL 8.2 the "/etc/security/faillock.conf" file was incorporated to centralize the configuration of the pam_faillock.so module. Also introduced is a "local_users_only" option that will only track failed user authentication attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users to allow the centralized platform to solely manage user lockout.
2024-03-04 15:52:37 +00:00
@@ -11190,7 +11249,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020012 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11210,7 +11270,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11227,7 +11288,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11249,7 +11311,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11266,7 +11329,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11286,7 +11350,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11303,7 +11368,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11323,7 +11389,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020021 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11340,7 +11407,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020022 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11360,7 +11428,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
2024-03-04 15:52:37 +00:00
@@ -11377,7 +11446,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020042 - RHEL 8 must prevent users from disabling session control mechanisms.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
2024-03-04 15:52:37 +00:00
@@ -11393,7 +11463,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020180 - RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11406,7 +11477,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020190 - RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11418,7 +11490,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020200 - RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11430,7 +11503,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020231 - RHEL 8 passwords for new users must have a minimum of 15 characters.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
2024-03-04 15:52:37 +00:00
@@ -11446,7 +11520,8 @@ The DoD minimum password requirement is 15 characters.</description>
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020260 - RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
2024-03-04 15:52:37 +00:00
@@ -11460,7 +11535,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
2022-06-29 08:41:07 +00:00
<metadata>
2023-02-21 13:38:18 +00:00
<title>RHEL-08-021400 - RHEL 8 must prevent the use of dictionary words for passwords.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If RHEL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11472,7 +11548,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Configuring the operating system to implement organization-wide security implementation guides and security checklists verifies compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
2024-03-04 15:52:37 +00:00
@@ -11486,7 +11563,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020330 - RHEL 8 must not have accounts configured with blank or null passwords.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11498,7 +11576,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020350 - RHEL 8 must display the date and time of the last successful account logon upon an SSH logon.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11511,7 +11590,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-020351 - RHEL 8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11523,7 +11603,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.</description>
</metadata>
2024-03-04 15:52:37 +00:00
@@ -11539,7 +11620,8 @@ Configuration settings are the set of parameters that can be changed in hardware
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
2024-03-04 15:52:37 +00:00
@@ -11555,7 +11637,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030040 - The RHEL 8 System must take appropriate action when an audit processing failure occurs.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
2024-03-04 15:52:37 +00:00
@@ -11571,7 +11654,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>It is critical that when RHEL 8 is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
2024-03-04 15:52:37 +00:00
@@ -11589,7 +11673,8 @@ When availability is an overriding concern, other approved actions in response t
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030061 - The RHEL 8 audit system must audit local events.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
2024-03-04 15:52:37 +00:00
@@ -11603,7 +11688,8 @@ Audit record content that may be necessary to satisfy this requirement includes,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
2024-03-04 15:52:37 +00:00
@@ -11621,7 +11707,8 @@ When audit logs are not labeled before they are sent to a central log server, th
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030063 - RHEL 8 must resolve audit information before writing to disk.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
2024-03-04 15:52:37 +00:00
@@ -11637,7 +11724,8 @@ Enriched logging aids in making sense of who, what, and when events occur on a s
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030080 - RHEL 8 audit logs must be owned by root to prevent unauthorized read access.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2024-03-04 15:52:37 +00:00
@@ -11651,7 +11739,8 @@ The structure and content of error messages must be carefully considered by the
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11665,7 +11754,8 @@ Audit information includes all information (e.g., audit records, audit settings,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11679,7 +11769,8 @@ Audit information includes all information (e.g., audit records, audit settings,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11693,7 +11784,8 @@ Audit information includes all information (e.g., audit records, audit settings,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11707,7 +11799,8 @@ Audit information includes all information (e.g., audit records, audit settings,
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030121 - RHEL 8 audit system must protect auditing rules from unauthorized change.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11723,7 +11816,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030122 - RHEL 8 audit system must protect logon UIDs from unauthorized change.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
2024-03-04 15:52:37 +00:00
@@ -11739,7 +11833,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030130 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11754,7 +11849,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030140 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11769,7 +11865,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030150 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11784,7 +11881,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030160 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11799,7 +11897,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030170 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11814,7 +11913,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030171 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11829,7 +11929,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030172 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11844,7 +11945,8 @@ Audit records can be generated from various components within the information sy
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030180 - The RHEL 8 audit package must be installed.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
2024-03-04 15:52:37 +00:00
@@ -11860,7 +11962,8 @@ Associating event types with detected events in RHEL 8 audit logs provides a mea
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11877,7 +11980,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr system calls.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11924,7 +12028,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030250 - Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11943,7 +12048,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11962,7 +12068,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030280 - Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11979,7 +12086,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030290 - Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -11996,7 +12104,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030300 - Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12013,7 +12122,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030301 - Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12030,7 +12140,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12048,7 +12159,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030310 - Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12065,7 +12177,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030311 - Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12082,7 +12195,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030312 - Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12099,7 +12213,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030313 - Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12116,7 +12231,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030314 - Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12133,7 +12249,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030315 - Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12150,7 +12267,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030316 - Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12167,7 +12285,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
2024-03-04 15:52:37 +00:00
@@ -12184,7 +12303,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030320 - Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12201,7 +12321,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030330 - Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12218,7 +12339,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030340 - Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12235,7 +12357,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030350 - Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12252,7 +12375,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030360 - Successful/unsuccessful uses of the init_module and finit_module command system calls in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12274,7 +12398,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat and unlinkat commandsystem calls in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12305,7 +12430,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030370 - Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12322,7 +12448,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12340,7 +12467,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
2022-06-29 08:41:07 +00:00
<metadata>
<title>RHEL-08-030400 - Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
2024-03-04 15:52:37 +00:00
@@ -12357,7 +12485,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
<metadata>
<title>RHEL-08-030410 - Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12374,7 +12503,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
<metadata>
<title>RHEL-08-030420 - Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12419,7 +12549,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
<metadata>
<title>RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat and lchown system calls in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12448,7 +12579,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
<metadata>
<title>RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod and fchmodat system calls in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12473,7 +12605,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
<metadata>
<title>RHEL-08-030550 - Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12490,7 +12623,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
<metadata>
<title>RHEL-08-030560 - Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12507,7 +12641,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
<metadata>
<title>RHEL-08-030570 - Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12524,7 +12659,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
<metadata>
<title>RHEL-08-030580 - Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12551,7 +12687,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
<metadata>
<title>RHEL-08-030600 - Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -12578,7 +12715,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
<metadata>
<title>RHEL-08-030610 - RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.</description>
</metadata>
@@ -12591,7 +12729,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
<metadata>
<title>RHEL-08-030620 - RHEL 8 audit tools must have a mode of 0755 or less permissive.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
@@ -12607,7 +12746,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
<metadata>
<title>RHEL-08-030630 - RHEL 8 audit tools must be owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
@@ -12623,7 +12763,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
<metadata>
<title>RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
@@ -12639,7 +12780,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
<metadata>
<title>RHEL-08-030680 - RHEL 8 must have the packages required for encrypting offloaded audit logs installed.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
@@ -12662,7 +12804,8 @@ Note that a port number was given as there is no standard port for RELP.</descri
<metadata>
<title>RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
@@ -12678,7 +12821,8 @@ RHEL 8 installation media provides "rsyslogd". "rsyslogd" is a system utility p
<metadata>
<title>RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.</description>
</metadata>
@@ -12690,7 +12834,8 @@ RHEL 8 installation media provides "rsyslogd". "rsyslogd" is a system utility p
<metadata>
<title>RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server.</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<description>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
@@ -12708,7 +12853,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12726,7 +12872,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040000 - RHEL 8 must not have the telnet-server package installed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12748,7 +12895,8 @@ If a privileged user were to log on using this service, the privileged user pass
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12766,7 +12914,8 @@ Verify the operating system is configured to disable non-essential capabilities.
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040002 - RHEL 8 must not have the sendmail package installed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12784,7 +12933,8 @@ Verify the operating system is configured to disable non-essential capabilities.
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12802,7 +12952,8 @@ If a privileged user were to log on using this service, the privileged user pass
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040060 - RHEL 8 must enforce SSHv2 for network access to all accounts.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>A replay attack may enable an unauthorized user to gain access to RHEL 8. Authentication sessions between the authenticator and RHEL 8 validating the user credentials must not be vulnerable to a replay attack.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12823,7 +12974,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040120 - RHEL 8 must mount /dev/shm with the nodev option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12842,7 +12994,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040121 - RHEL 8 must mount /dev/shm with the nosuid option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12859,7 +13012,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040122 - RHEL 8 must mount /dev/shm with the noexec option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12878,7 +13032,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040123 - RHEL 8 must mount /tmp with the nodev option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
@@ -12898,7 +13053,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12916,7 +13072,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040125 - RHEL 8 must mount /tmp with the noexec option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12936,7 +13093,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040126 - RHEL 8 must mount /var/log with the nodev option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12956,7 +13114,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040127 - RHEL 8 must mount /var/log with the nosuid option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12976,7 +13135,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040128 - RHEL 8 must mount /var/log with the noexec option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -12996,7 +13156,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040129 - RHEL 8 must mount /var/log/audit with the nodev option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
@@ -13016,7 +13177,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040130 - RHEL 8 must mount /var/log/audit with the nosuid option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13036,7 +13198,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13056,7 +13219,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13075,7 +13239,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13094,7 +13259,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040134 - RHEL 8 must mount /var/tmp with the noexec option.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13113,7 +13279,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13130,7 +13297,8 @@ Protecting the confidentiality and integrity of organizational information can b
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13149,7 +13317,8 @@ Session key regeneration limits the chances of a session key becoming compromise
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.</description>
</metadata>
@@ -13161,7 +13330,8 @@ Session key regeneration limits the chances of a session key becoming compromise
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If TFTP is required for operational support (such as the transmission of router configurations) its use must be documented with the Information System Security Officer (ISSO), restricted to only authorized personnel, and have access control rules established.</description>
</metadata>
@@ -13173,7 +13343,8 @@ Session key regeneration limits the chances of a session key becoming compromise
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.</description>
</metadata>
@@ -13185,7 +13356,8 @@ Session key regeneration limits the chances of a session key becoming compromise
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040210 - RHEL 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13209,7 +13381,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040220 - RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13232,7 +13405,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13255,7 +13429,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040240 - RHEL 8 must not forward source-routed packets.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
@@ -13279,7 +13454,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040250 - RHEL 8 must not forward source-routed packets by default.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13303,7 +13479,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040260 - RHEL 8 must not be performing packet forwarding unless the system is a router.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13327,7 +13504,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13353,7 +13531,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13379,7 +13558,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040270 - RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13402,7 +13582,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040280 - RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13426,7 +13607,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040281 - RHEL 8 must disable access to network bpf syscall from unprivileged processes.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13447,7 +13629,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13468,7 +13651,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040283 - RHEL 8 must restrict exposed kernel pointer addresses access.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13489,7 +13673,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040284 - RHEL 8 must disable the use of user namespaces.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13510,7 +13695,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13531,7 +13717,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.</description>
</metadata>
@@ -13544,7 +13731,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040340 - RHEL 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding. A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X11 authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring if the ForwardX11Trusted option is also enabled.
@@ -13559,7 +13747,8 @@ If X11 services are not required for the system's intended function, they should
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.</description>
</metadata>
@@ -13572,7 +13761,8 @@ If X11 services are not required for the system's intended function, they should
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.</description>
</metadata>
@@ -13585,7 +13775,8 @@ If X11 services are not required for the system's intended function, they should
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted file transfer methods must be used in place of this service.</description>
</metadata>
@@ -13597,7 +13788,8 @@ If X11 services are not required for the system's intended function, they should
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13613,7 +13805,8 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13629,7 +13822,8 @@ The iprutils package provides a suite of utilities to manage and configure SCSI
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
@@ -13645,7 +13839,8 @@ The tuned package contains a daemon that tunes the system settings dynamically.
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-030670 - RHEL 8 must have the packages required for offloading audit logs installed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
@@ -13668,7 +13863,8 @@ Note that a port number was given as there is no standard port for RELP.</descri
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010163 - The krb5-server package must not be installed on RHEL 8.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
@@ -13687,7 +13883,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010382 - RHEL 8 must restrict privilege elevation to authorized personnel.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.</description>
</metadata>
@@ -13700,7 +13897,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using "sudo".</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password.
For more information on each of the listed configurations, reference the sudoers(5) manual page.</description>
@@ -13724,7 +13922,8 @@ For more information on each of the listed configurations, reference the sudoers
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010384 - RHEL 8 must require re-authentication when using the "sudo" command.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13740,7 +13939,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</description>
</metadata>
@@ -13752,7 +13952,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</description>
</metadata>
@@ -13764,7 +13965,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040286 - RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13787,7 +13989,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.</description>
</metadata>
@@ -13799,7 +14002,8 @@ The sysctl --system command will load settings from all system configuration fil
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010000 - RHEL 8 must be a vendor-supported release.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13814,7 +14018,8 @@ Note: The life-cycle time spans and dates are subject to adjustment.</descriptio
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13832,7 +14037,8 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010160 - The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13848,7 +14054,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13866,7 +14073,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000126-GPOS-00066, SRG-OS-000279-GPO
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13880,7 +14088,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13896,7 +14105,8 @@ Verifying the authenticity of the software prior to installation validates the i
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010450 - RHEL 8 must enable the SELinux targeted policy.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -13910,7 +14120,8 @@ This requirement applies to operating systems performing security function verif
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010540 - RHEL 8 must use a separate file system for /var.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.</description>
</metadata>
@@ -13922,7 +14133,8 @@ This requirement applies to operating systems performing security function verif
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.</description>
2022-06-29 08:41:07 +00:00
</metadata>
2024-03-04 15:52:37 +00:00
@@ -13934,7 +14146,8 @@ This requirement applies to operating systems performing security function verif
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
@@ -13948,7 +14161,8 @@ This requirement addresses concurrent sessions for information system accounts a
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020040 - RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
@@ -13966,7 +14180,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011</description>
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
@@ -13982,7 +14197,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020110 - RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
@@ -13998,7 +14214,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020120 - RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14014,7 +14231,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020130 - RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14030,7 +14248,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020140 - RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14046,7 +14265,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020150 - RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14062,7 +14282,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020160 - RHEL 8 must require the change of at least four character classes when passwords are changed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14078,7 +14299,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020170 - RHEL 8 must require the change of at least 8 characters when passwords are changed.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
@@ -14094,7 +14316,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020210 - RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.</description>
</metadata>
@@ -14106,7 +14329,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
2022-06-29 08:41:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020220 - RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.</title>
2022-06-29 08:41:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
2022-06-29 08:41:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14124,7 +14348,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele
2023-02-21 13:38:18 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020230 - RHEL 8 passwords must have a minimum of 15 characters.</title>
2023-02-21 13:38:18 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
@@ -14144,7 +14369,8 @@ The DoD minimum password requirement is 15 characters.</description>
2023-02-21 13:38:18 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020280 - All RHEL 8 passwords must contain at least one special character.</title>
2023-02-21 13:38:18 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
@@ -14160,7 +14386,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
2023-02-21 13:38:18 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020290 - RHEL 8 must prohibit the use of cached authentications after one day.</title>
2023-02-21 13:38:18 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>If cached authentication information is out-of-date, the validity of the authentication information may be questionable.
2023-02-21 13:38:18 +00:00
2024-03-04 15:52:37 +00:00
@@ -14174,7 +14401,8 @@ RHEL 8 includes multiple options for configuring authentication, but this requir
2023-02-21 13:38:18 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020340 - RHEL 8 must display the date and time of the last successful account logon upon logon.</title>
2023-02-21 13:38:18 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.</description>
2023-02-21 13:38:18 +00:00
</metadata>
2024-03-04 15:52:37 +00:00
@@ -14186,7 +14414,8 @@ RHEL 8 includes multiple options for configuring authentication, but this requir
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-030070 - RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14202,7 +14431,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14218,7 +14448,8 @@ The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data li
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14234,7 +14465,8 @@ The Controller Area Network (CAN) is a serial communications protocol, which was
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040023 - RHEL 8 must disable the stream control transmission protocol (SCTP).</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14250,7 +14482,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
@@ -14266,7 +14499,8 @@ The Transparent Inter-Process Communication (TIPC) protocol is designed to provi
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040025 - RHEL 8 must disable mounting of cramfs.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
@@ -14282,7 +14516,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040026 - RHEL 8 must disable IEEE 1394 (FireWire) Support.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14296,7 +14531,8 @@ The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time commu
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14310,7 +14546,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163</description>
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-040111 - RHEL 8 Bluetooth must be disabled.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the RHEL 8 operating system.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14326,7 +14563,8 @@ Protecting the confidentiality and integrity of communications with wireless per
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-010159 - The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14342,7 +14580,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020102 - RHEL 8 systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
2023-10-30 15:13:07 +00:00
2024-03-04 15:52:37 +00:00
@@ -14360,7 +14599,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi
2023-10-30 15:13:07 +00:00
<metadata>
2024-03-04 15:52:37 +00:00
<title>RHEL-08-020035 - RHEL 8 must terminate idle user sessions.</title>
2023-10-30 15:13:07 +00:00
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
2024-03-04 15:52:37 +00:00
<description>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.</description>
</metadata>
@@ -14588,15 +14828,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi
2022-06-29 08:41:07 +00:00
<object object_ref="oval:mil.disa.stig.rhel8:obj:10501" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10500" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10600" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10600" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10601" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10601" />
</textfilecontent54_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10602" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/grub2/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10700" version="1">
2024-03-04 15:52:37 +00:00
@@ -16399,18 +16639,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi
2022-06-29 08:41:07 +00:00
<pattern operation="pattern match">^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^\s*set\s+superusers\s*=\s*"(\w+)"\s*$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^\s*GRUB2_PASSWORD=(\S+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/redhat/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/almalinux/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/grub2/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10700" version="1">
<filepath datatype="string">/boot/grub2/grub.cfg</filepath>
2024-03-04 15:52:37 +00:00
@@ -18909,7 +19149,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi
<metadata>
<title>RHEL 8 is installed</title>
<affected family="unix">
- <platform>Red Hat Enterprise Linux 8</platform>
+ <platform>Red Hat Enterprise Linux 8</platform>
+<platform>AlmaLinux 8</platform>
</affected>
<reference ref_id="cpe:/o:redhat:enterprise_linux:8" source="CPE" />
<description>RHEL 8 is installed</description>
diff --git a/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml
index b9d25d9e9..3df1cb89c 100644
--- a/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel8-v1r13-xccdf-manual.xml
@@ -373,7 +373,7 @@ SHA_CRYPT_MIN_ROUNDS 5000</fixtext><fix id="F-32877r809272_fix" /><check system=
2022-06-29 08:41:07 +00:00
If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-230234"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230234r743922_rule" weight="10.0" severity="high"><version>RHEL-08-010140</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.</check-content></check></Rule></Group><Group id="V-230234"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230234r743922_rule" weight="10.0" severity="high"><version>RHEL-08-010140</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
2024-03-04 15:52:37 +00:00
@@ -383,7 +383,7 @@ Confirm password:</fixtext><fix id="F-32878r743921_fix" /><check system="C-32903
2022-06-29 08:41:07 +00:00
Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
2024-03-04 15:52:37 +00:00
@@ -6456,11 +6456,11 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
2022-06-29 08:41:07 +00:00
Generate a new grub.cfg file with the following command:
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r792981_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r792981_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
Verify that a unique name is set as the "superusers" account:
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
set superusers="[someuniquestringhere]"
export superusers
2024-03-04 15:52:37 +00:00
diff --git a/shared/references/disa-stig-rhel9-v1r0-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v1r0-xccdf-scap.xml
index 7ed716276..d334df131 100755
--- a/shared/references/disa-stig-rhel9-v1r0-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel9-v1r0-xccdf-scap.xml
@@ -3244,7 +3244,7 @@ Reboot the system for the changes to take effect.</xccdf:fixtext>
</metadata>
<criteria operator="OR">
<criteria operator="AND">
- <criterion test_ref="oval:mil.disa.stig.unix:tst:10000600" comment="/boot/efi/EFI/redhat/grub.cfg exists." />
+ <criterion test_ref="oval:mil.disa.stig.unix:tst:10000600" comment="/boot/efi/EFI/almalinux/grub.cfg exists." />
<criteria operator="OR" comment="System is RHEL7, RHEL 8, OL7, OL8, TOSS, SLES12, SLES15, Ubuntu18, or Ubuntu20">
<extend_definition definition_ref="oval:mil.disa.stig.ubuntu1804:def:1" />
<extend_definition definition_ref="oval:mil.disa.stig.ubuntu2004:def:1" />
@@ -4629,7 +4629,7 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO
<object object_ref="oval:mil.disa.stig.ubuntu2004:obj:100" />
<state state_ref="oval:mil.disa.stig.ubuntu2004:ste:100" />
</textfilecontent54_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" id="oval:mil.disa.stig.unix:tst:10000600" comment="/boot/efi/EFI/redhat/grub.cfg exists." version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" id="oval:mil.disa.stig.unix:tst:10000600" comment="/boot/efi/EFI/almalinux/grub.cfg exists." version="1">
<object object_ref="oval:mil.disa.stig.unix:obj:10000600" />
</file_test>
<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" id="oval:mil.disa.stig.unix:tst:10000601" comment="/etc/grub2-efi.cfg exists." version="1">
@@ -5249,7 +5249,7 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO
<instance datatype="int">1</instance>
</textfilecontent54_object>
<file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:10000600" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.unix:obj:10000601" version="1">
<filepath datatype="string">/etc/grub2-efi.cfg</filepath>
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template
2023-02-21 13:38:18 +00:00
index b324dc01a..6bcaeee57 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/accounts_password/ansible.template
+++ b/shared/templates/accounts_password/ansible.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template
2023-02-21 13:38:18 +00:00
index 46e98c147..d1e49f5a0 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/accounts_password/bash.template
+++ b/shared/templates/accounts_password/bash.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
2024-03-04 15:52:37 +00:00
index 5a686b0b2..74a7d8c30 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_dac_modification/ansible.template
+++ b/shared/templates/audit_rules_dac_modification/ansible.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template
2024-03-04 15:52:37 +00:00
index daee70210..ae6608360 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_dac_modification/bash.template
+++ b/shared/templates/audit_rules_dac_modification/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2022-06-29 08:41:07 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template
2024-03-04 15:52:37 +00:00
index 33b29b977..cbee8fdf7 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_file_deletion_events/ansible.template
+++ b/shared/templates/audit_rules_file_deletion_events/ansible.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template
2024-03-04 15:52:37 +00:00
index b3eab4edb..da237aa3d 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_file_deletion_events/bash.template
+++ b/shared/templates/audit_rules_file_deletion_events/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
2022-06-29 08:41:07 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template
2024-03-04 15:52:37 +00:00
index e62981561..4f8c1b6e5 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_login_events/ansible.template
+++ b/shared/templates/audit_rules_login_events/ansible.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template
2024-03-04 15:52:37 +00:00
index e3c55b43a..0a13eabe8 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_login_events/bash.template
+++ b/shared/templates/audit_rules_login_events/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2022-06-29 08:41:07 +00:00
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template
2023-02-21 13:38:18 +00:00
index 68b43b439..9d9ce2fad 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_path_syscall/ansible.template
+++ b/shared/templates/audit_rules_path_syscall/ansible.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template
2023-02-21 13:38:18 +00:00
index 332c87def..cdcf6352c 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_path_syscall/bash.template
+++ b/shared/templates/audit_rules_path_syscall/bash.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
2022-06-29 08:41:07 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template
2023-02-21 13:38:18 +00:00
index 0edc5c732..c8d61bd1f 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_privileged_commands/ansible.template
+++ b/shared/templates/audit_rules_privileged_commands/ansible.template
2021-11-17 13:33:00 +00:00
@@ -1,7 +1,7 @@
2023-02-21 13:38:18 +00:00
{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
2021-11-17 13:33:00 +00:00
{{%- set perm_x=" -F perm=x" %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template
2023-02-21 13:38:18 +00:00
index 63dfcb06c..110b94caf 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_privileged_commands/bash.template
+++ b/shared/templates/audit_rules_privileged_commands/bash.template
2021-11-17 13:33:00 +00:00
@@ -1,7 +1,7 @@
2023-02-21 13:38:18 +00:00
{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
2021-11-17 13:33:00 +00:00
{{%- set perm_x=" -F perm=x" %}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
ACTION_ARCH_FILTERS="-a always,exit"
OTHER_FILTERS="-F path={{{ PATH }}}{{{ perm_x }}}"
2023-02-21 13:38:18 +00:00
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
2024-03-04 15:52:37 +00:00
index 26ed4807d..29b415410 100644
2023-02-21 13:38:18 +00:00
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
2024-03-04 15:52:37 +00:00
# packages = audit
2023-02-21 13:38:18 +00:00
source common.sh
diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
index 2cfd69a19..f3c352227 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
source common.sh
2022-06-29 08:41:07 +00:00
diff --git a/shared/templates/audit_rules_syscall_events/ansible.template b/shared/templates/audit_rules_syscall_events/ansible.template
2023-02-21 13:38:18 +00:00
index 16dec9827..5e953196e 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/audit_rules_syscall_events/ansible.template
+++ b/shared/templates/audit_rules_syscall_events/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template
2023-02-21 13:38:18 +00:00
index bd5bb94cb..d1f68626a 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/audit_rules_syscall_events/bash.template
+++ b/shared/templates/audit_rules_syscall_events/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
2024-03-04 15:52:37 +00:00
index 9beb65537..e6da688f0 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
2024-03-04 15:52:37 +00:00
index b18223c98..e82de6427 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
2021-09-15 11:41:44 +00:00
2022-06-29 08:41:07 +00:00
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template
2023-02-21 13:38:18 +00:00
index 43063a18f..f0440e169 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_usergroup_modification/ansible.template
+++ b/shared/templates/audit_rules_usergroup_modification/ansible.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template
2023-02-21 13:38:18 +00:00
index 62faac341..3461e4e29 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/audit_rules_usergroup_modification/bash.template
+++ b/shared/templates/audit_rules_usergroup_modification/bash.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template
2024-03-04 15:52:37 +00:00
index a573b6a1b..7011157d8 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/grub2_bootloader_argument/ansible.template
+++ b/shared/templates/grub2_bootloader_argument/ansible.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = restrict
# complexity = medium
diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template
2024-03-04 15:52:37 +00:00
index 7a7ba6899..ac12c1878 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/grub2_bootloader_argument/bash.template
+++ b/shared/templates/grub2_bootloader_argument/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
2022-06-29 08:41:07 +00:00
{{#
See the OVAL template for more comments.
Product-specific categorization should be synced across all template content types
diff --git a/shared/templates/grub2_bootloader_argument/blueprint.template b/shared/templates/grub2_bootloader_argument/blueprint.template
2023-02-21 13:38:18 +00:00
index 7e9ea909e..152f27303 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/grub2_bootloader_argument/blueprint.template
+++ b/shared/templates/grub2_bootloader_argument/blueprint.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
2023-02-21 13:38:18 +00:00
{{%- if ARG_VARIABLE %}}
{{%- set ARG_NAME_VALUE = ARG_NAME ~ "=(blueprint-populate " ~ ARG_VARIABLE ~ ")" -%}}
{{%- endif %}}
2022-06-29 08:41:07 +00:00
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
2023-02-21 13:38:18 +00:00
index 93907c794..289fcf4d9 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# packages = grub2,grubby
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
source common.sh
2022-06-29 08:41:07 +00:00
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
2023-02-21 13:38:18 +00:00
index e52ae2417..5f5306e14 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
# packages = grub2,grubby
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
source common.sh
2022-06-29 08:41:07 +00:00
diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
index 0c97377f2..2aef2ae6d 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,6 +1,6 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
# packages = grub2,grubby
source common.sh
diff --git a/shared/templates/grub2_bootloader_argument_absent/ansible.template b/shared/templates/grub2_bootloader_argument_absent/ansible.template
index 51fc98b7a..c6b147d87 100644
--- a/shared/templates/grub2_bootloader_argument_absent/ansible.template
+++ b/shared/templates/grub2_bootloader_argument_absent/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
# complexity = medium
diff --git a/shared/templates/grub2_bootloader_argument_absent/bash.template b/shared/templates/grub2_bootloader_argument_absent/bash.template
index 8d7d6e9ea..18b900e51 100644
--- a/shared/templates/grub2_bootloader_argument_absent/bash.template
+++ b/shared/templates/grub2_bootloader_argument_absent/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
{{#
See the OVAL template for more comments.
Product-specific categorization should be synced across all template content types
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
index 46ca33623..09ab75acc 100644
--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
+++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
@@ -1,6 +1,6 @@
2022-06-29 08:41:07 +00:00
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# packages = grub2-tools,grubby
# Adds argument from kernel command line in /etc/default/grub
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
index 4e4f5135e..3514796b5 100644
--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
+++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
2022-06-29 08:41:07 +00:00
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
2023-02-21 13:38:18 +00:00
# packages = grub2-tools,grubby
2022-06-29 08:41:07 +00:00
2023-02-21 13:38:18 +00:00
# Adds audit argument from kernel command line in /boot/grub2/grubenv
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
index e5ce738c3..d10d44c31 100644
--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
+++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# packages = grub2-tools,grubby
# Adds argument with a value from kernel command line in /etc/default/grub
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template
2024-03-04 15:52:37 +00:00
index 88e846697..a329cbe76 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/kernel_module_disabled/ansible.template
+++ b/shared/templates/kernel_module_disabled/ansible.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = disable
# complexity = low
diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template
2024-03-04 15:52:37 +00:00
index 699c13a20..a6cf74ccd 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/kernel_module_disabled/bash.template
+++ b/shared/templates/kernel_module_disabled/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
# reboot = true
# strategy = disable
# complexity = low
2023-02-21 13:38:18 +00:00
diff --git a/shared/templates/kernel_module_disabled/kubernetes.template b/shared/templates/kernel_module_disabled/kubernetes.template
index bc678c80e..516c10ce4 100644
--- a/shared/templates/kernel_module_disabled/kubernetes.template
+++ b/shared/templates/kernel_module_disabled/kubernetes.template
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
# reboot = true
# strategy = disable
# complexity = low
diff --git a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
2024-03-04 15:52:37 +00:00
index 8a1319eed..fb20c3b4a 100644
2023-02-21 13:38:18 +00:00
--- a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
+++ b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
echo > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template
2023-02-21 13:38:18 +00:00
index fdcb4ee3e..0d1d8dc24 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/mount/anaconda.template
+++ b/shared/templates/mount/anaconda.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
2022-06-29 08:41:07 +00:00
diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template
2023-02-21 13:38:18 +00:00
index 56617467d..3cdacd4db 100644
2022-06-29 08:41:07 +00:00
--- a/shared/templates/mount/blueprint.template
+++ b/shared/templates/mount/blueprint.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
[[customizations.filesystem]]
mountpoint = "{{{ MOUNTPOINT }}}"
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template
2023-02-21 13:38:18 +00:00
index 083b0ef00..14f7018a9 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/mount_option/anaconda.template
+++ b/shared/templates/mount_option/anaconda.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template
2023-02-21 13:38:18 +00:00
index 8665fb913..07cd9e3ad 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/mount_option_removable_partitions/anaconda.template
+++ b/shared/templates/mount_option_removable_partitions/anaconda.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template
2023-02-21 13:38:18 +00:00
index 0ac55f51f..dd0bcddea 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/package_installed/anaconda.template
+++ b/shared/templates/package_installed/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template
2024-03-04 15:52:37 +00:00
index 65c48d381..ee1e6386d 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/package_installed/bash.template
+++ b/shared/templates/package_installed/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template
2023-02-21 13:38:18 +00:00
index 489f9bb0f..0120d927c 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/package_removed/anaconda.template
+++ b/shared/templates/package_removed/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = disable
# complexity = low
2023-02-21 13:38:18 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
2023-10-30 15:13:07 +00:00
index 0fa452ba0..8e9abbe3a 100755
2023-02-21 13:38:18 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
index 54804685b..1c4b4f3e1 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
2024-03-04 15:52:37 +00:00
index 1ba8e0cda..02f0e77e9 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
2024-03-04 15:52:37 +00:00
index 321df77d9..756bdb524 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-10-30 15:13:07 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
index dc362ae00..36867bb2b 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
2023-10-30 15:13:07 +00:00
index 4aef9fb84..0b7cbcd5f 100755
2023-02-21 13:38:18 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
index 203f640f5..a127500e8 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
2024-03-04 15:52:37 +00:00
index f623b6be4..8d4399023 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
2024-03-04 15:52:37 +00:00
index c825c0b08..746d6dfa4 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
2024-03-04 15:52:37 +00:00
index a8e723bee..a1e6b245c 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
2024-03-04 15:52:37 +00:00
index d3f639a2b..b5d757274 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
2024-03-04 15:52:37 +00:00
index d3be7ffc3..5b4b11307 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
index c1c5758d8..3e7441a4a 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
2023-10-30 15:13:07 +00:00
index 3d3bbbd8e..ae10153cd 100755
2023-02-21 13:38:18 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
index 96e9ddaf3..8c8a59a3a 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
index ec9296694..6bd64894b 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
2024-03-04 15:52:37 +00:00
index 9dcbe0c2e..b7f6323c9 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
2024-03-04 15:52:37 +00:00
index dc9ea0eef..9c6694804 100755
2023-10-30 15:13:07 +00:00
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
2023-02-21 13:38:18 +00:00
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2023-10-30 15:13:07 +00:00
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
index 6acb37ad7..d235e6249 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
index abdb09c48..9cc24d061 100755
--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
+++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
2023-02-21 13:38:18 +00:00
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# Declare variables used for the tests and define the create_rsyslog_test_logs function
source $SHARED/rsyslog_log_utils.sh
2021-09-15 11:41:44 +00:00
diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template
2024-03-04 15:52:37 +00:00
index 53a67710f..12e9f9b3b 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/sebool/ansible.template
+++ b/shared/templates/sebool/ansible.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template
2024-03-04 15:52:37 +00:00
index 8cf8e262d..9a8eddad1 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/sebool/bash.template
+++ b/shared/templates/sebool/bash.template
@@ -1,4 +1,4 @@
2022-06-29 08:41:07 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template
2024-03-04 15:52:37 +00:00
index c8b6826b2..6bbb8eb2a 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/service_disabled/bash.template
+++ b/shared/templates/service_disabled/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
2021-09-15 11:41:44 +00:00
# reboot = false
# strategy = disable
# complexity = low
diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template
2023-02-21 13:38:18 +00:00
index 1ab456524..724e7b779 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/service_disabled/kubernetes.template
+++ b/shared/templates/service_disabled/kubernetes.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
# reboot = true
# strategy = disable
# complexity = low
diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template
2023-02-21 13:38:18 +00:00
index 00fd1ee2f..2d99ec854 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/service_enabled/bash.template
+++ b/shared/templates/service_enabled/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
# reboot = false
# strategy = enable
# complexity = low
diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
2024-03-04 15:52:37 +00:00
index d66b33206..f02d3bac6 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/sysctl/bash.template
+++ b/shared/templates/sysctl/bash.template
@@ -1,4 +1,4 @@
2024-03-04 15:52:37 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = disable
# complexity = low
diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
2023-02-21 13:38:18 +00:00
index 336775e4f..6411d1b9b 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/zipl_bls_entries_option/ansible.template
+++ b/shared/templates/zipl_bls_entries_option/ansible.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# reboot = true
# strategy = configure
# complexity = medium
diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template
2023-02-21 13:38:18 +00:00
index 25cd7432c..a415f2a38 100644
2021-09-15 11:41:44 +00:00
--- a/shared/templates/zipl_bls_entries_option/bash.template
+++ b/shared/templates/zipl_bls_entries_option/bash.template
@@ -1,4 +1,4 @@
2021-11-17 13:33:00 +00:00
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2021-09-15 11:41:44 +00:00
# Correct BLS option using grubby, which is a thin wrapper around BLS operations
grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
diff --git a/ssg/constants.py b/ssg/constants.py
2024-03-04 15:52:37 +00:00
index 18fbf39d3..4dfe02089 100644
2021-09-15 11:41:44 +00:00
--- a/ssg/constants.py
+++ b/ssg/constants.py
2024-03-04 15:52:37 +00:00
@@ -40,6 +40,7 @@ SSG_REF_URIS = {
2021-09-15 11:41:44 +00:00
product_directories = [
2023-02-21 13:38:18 +00:00
'alinux2',
'alinux3',
2021-09-15 11:41:44 +00:00
+ 'almalinux8',
2023-02-21 13:38:18 +00:00
'anolis8',
2023-10-30 15:13:07 +00:00
'anolis23',
2021-09-15 11:41:44 +00:00
'chromium',
2024-03-04 15:52:37 +00:00
@@ -197,6 +198,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
2021-09-15 11:41:44 +00:00
FULL_NAME_TO_PRODUCT_MAPPING = {
2023-02-21 13:38:18 +00:00
"Alibaba Cloud Linux 2": "alinux2",
"Alibaba Cloud Linux 3": "alinux3",
2021-09-15 11:41:44 +00:00
+ "AlmaLinux 8": "almalinux8",
2023-02-21 13:38:18 +00:00
"Anolis OS 8": "anolis8",
2023-10-30 15:13:07 +00:00
"Anolis OS 23": "anolis23",
2021-09-15 11:41:44 +00:00
"Chromium": "chromium",
2024-03-04 15:52:37 +00:00
@@ -276,7 +278,7 @@ REFERENCES = dict(
2022-06-29 08:41:07 +00:00
)
2021-09-15 11:41:44 +00:00
2023-02-21 13:38:18 +00:00
-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu",
2024-03-04 15:52:37 +00:00
"openeuler",
2023-02-21 13:38:18 +00:00
"opensuse", "sle", "ol", "ocp", "rhcos",
2024-03-04 15:52:37 +00:00
"example", "eks", "alinux", "uos", "anolis", "openembedded"]
@@ -284,6 +286,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
2021-09-15 11:41:44 +00:00
MULTI_PLATFORM_MAPPING = {
2023-02-21 13:38:18 +00:00
"multi_platform_alinux": ["alinux2", "alinux3"],
2023-10-30 15:13:07 +00:00
"multi_platform_anolis": ["anolis8", "anolis23"],
2021-09-15 11:41:44 +00:00
+ "multi_platform_almalinux": ["almalinux8"],
2024-03-04 15:52:37 +00:00
"multi_platform_debian": ["debian10", "debian11", "debian12"],
2021-09-15 11:41:44 +00:00
"multi_platform_example": ["example"],
2022-06-29 08:41:07 +00:00
"multi_platform_eks": ["eks"],
2024-03-04 15:52:37 +00:00
@@ -470,6 +473,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
2021-09-15 11:41:44 +00:00
'rhcos': 'Red Hat Enterprise Linux CoreOS',
2022-06-29 08:41:07 +00:00
'eks': 'Amazon Elastic Kubernetes Service',
2024-03-04 15:52:37 +00:00
'openembedded': 'OpenEmbedded',
2021-09-15 11:41:44 +00:00
+ 'almalinux': 'AlmaLinux',
}
2023-02-21 13:38:18 +00:00
# References that can not be used with product-qualifiers
diff --git a/tests/unit/ssg-module/data/accounts_tmout.yml b/tests/unit/ssg-module/data/accounts_tmout.yml
2023-10-30 15:13:07 +00:00
index e8400ed73..63ed082a0 100644
2023-02-21 13:38:18 +00:00
--- a/tests/unit/ssg-module/data/accounts_tmout.yml
+++ b/tests/unit/ssg-module/data/accounts_tmout.yml
@@ -1,4 +1,4 @@
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
title: Set Interactive Session Timeout
description: 'Setting the <tt>TMOUT</tt> option in <tt>/etc/profile</tt> ensures that
diff --git a/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml b/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
2023-10-30 15:13:07 +00:00
index 1feaeb55c..1e96bdeb9 100644
2023-02-21 13:38:18 +00:00
--- a/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
+++ b/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
@@ -1,4 +1,4 @@
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
title: Set Interactive Session Timeout
description: 'Setting the <tt>TMOUT</tt> option in <tt>/etc/profile</tt> ensures that
2021-09-15 11:41:44 +00:00
diff --git a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
2023-02-21 13:38:18 +00:00
index 83d5532f5..bc9f9e17a 100644
2021-09-15 11:41:44 +00:00
--- a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
+++ b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
2023-02-21 13:38:18 +00:00
@@ -22,7 +22,7 @@ platforms: !!set
cpe_platform_names: !!set
machine: null
inherited_platforms: []
2021-09-15 11:41:44 +00:00
-prodtype: rhel7,rhel8,fedora,ol7,ol8
+prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8
rationale: Only root should be able to modify important boot parameters.
references: {cis: 1.4.1, cis-csc: '12,13,14,15,16,18,3,5', cjis: 5.5.2.2, cobit5: 'APO01.06,DSS05.04,DSS05.07,DSS06.02',
cui: 3.4.5, disa: 'CCI-000225', hipaa: '164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)',
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
2023-02-21 13:38:18 +00:00
index ff0b30f03..0116294f1 100644
2021-09-15 11:41:44 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
2022-06-29 08:41:07 +00:00
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
2024-03-04 15:52:37 +00:00
index 9d0a0d087..b64b4b0fc 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
title: 'Configure System Cryptography Policy'
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
2023-02-21 13:38:18 +00:00
index b607202c5..621420882 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
# IMPORTANT: This is a false negative scenario.
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
2023-02-21 13:38:18 +00:00
index e5b598342..539ea8f3c 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# packages = crypto-policies-scripts
update-crypto-policies --set "DEFAULT"
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
2023-02-21 13:38:18 +00:00
index 7be3c82f3..776f79f4c 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 261dc3f96..e6a2f5d0e 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
2023-02-21 13:38:18 +00:00
index 356aa3ffe..05dd9be57 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
2023-02-21 13:38:18 +00:00
index 06bd713dd..8de885e50 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
2023-02-21 13:38:18 +00:00
index 56a081eca..a5383733b 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
2023-02-21 13:38:18 +00:00
index 10cb25593..55f128c10 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
2023-02-21 13:38:18 +00:00
index a2107d146..b6d9804d2 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_e8
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
2023-02-21 13:38:18 +00:00
index b06e035fa..679e23ee7 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_standard
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
2023-02-21 13:38:18 +00:00
index 6679f94bd..f2246ba0c 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
2023-02-21 13:38:18 +00:00
index 116f6b676..552ef54ea 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
2023-02-21 13:38:18 +00:00
index 9461c3ddd..5b5b06ac9 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
2022-06-29 08:41:07 +00:00
# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
# packages = crypto-policies-scripts
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
2023-02-21 13:38:18 +00:00
index 5becd90b7..976bc6a85 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Uninstall Automatic Bug Reporting Tool (abrt)'
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
2023-02-21 13:38:18 +00:00
index 1c1560a86..fc86b614e 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
2023-02-21 13:38:18 +00:00
index 10ecee505..3d3098f4e 100644
2022-06-29 08:41:07 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
@@ -1,4 +1,4 @@
2023-02-21 13:38:18 +00:00
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
2022-06-29 08:41:07 +00:00
# reboot = true
# strategy = restrict
# complexity = low
2021-09-15 11:41:44 +00:00
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
2023-02-21 13:38:18 +00:00
index 64e6cee7f..7bcd15189 100644
2021-09-15 11:41:44 +00:00
--- a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
2021-11-17 13:33:00 +00:00
@@ -14,7 +14,7 @@ ocil_clause: SELINUX is not set to enforcing
2021-09-15 11:41:44 +00:00
oval_external_content: null
2021-11-17 13:33:00 +00:00
platforms:
- machine
2021-09-15 11:41:44 +00:00
-prodtype: rhel7,rhel8,fedora,ol7,ol8,rhv4
+prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8,rhv4
rationale: 'Setting the SELinux state to enforcing ensures SELinux is able to confine
potentially compromised processes to the security policy, which is designed to
2023-02-21 13:38:18 +00:00
diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh
index 8e5e284ee..ce1b79416 100644
--- a/tests/unit/ssg_test_suite/data/correct.pass.sh
+++ b/tests/unit/ssg_test_suite/data/correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = sudo,authselect
-# platform = multi_platform_rhel,Fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,Fedora
# profiles = xccdf_org.ssgproject.content_profile_cis
# remediation = none
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
2021-09-15 11:41:44 +00:00
diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
2023-10-30 15:13:07 +00:00
index 60eaf4402..c55660e35 100755
2021-09-15 11:41:44 +00:00
--- a/utils/ansible_playbook_to_role.py
+++ b/utils/ansible_playbook_to_role.py
2023-10-30 15:13:07 +00:00
@@ -58,6 +58,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
2023-02-21 13:38:18 +00:00
PRODUCT_ALLOWLIST = set([
2021-09-15 11:41:44 +00:00
"rhel7",
"rhel8",
+ "almalinux8",
])
2023-02-21 13:38:18 +00:00
PROFILE_ALLOWLIST = set([