From 0e201cce7fac24fe09d8238251917993e5fa25f7 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko
Date: Wed, 15 Sep 2021 11:41:44 +0000
Subject: [PATCH] AlmaLinux changes
---
SOURCES/0001-Add-AlmaLinux-8-support.patch | 29832 +++++++++++++++++++
SPECS/scap-security-guide.spec | 27 +-
2 files changed, 29851 insertions(+), 8 deletions(-)
create mode 100644 SOURCES/0001-Add-AlmaLinux-8-support.patch
diff --git a/SOURCES/0001-Add-AlmaLinux-8-support.patch b/SOURCES/0001-Add-AlmaLinux-8-support.patch
new file mode 100644
index 0000000..ed39078
--- /dev/null
+++ b/SOURCES/0001-Add-AlmaLinux-8-support.patch
@@ -0,0 +1,29832 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6995944a..6609ed13 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -60,6 +60,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui
+ # Products to build content for. These generally correspond to directories in
+ # the root of this project. Note that the example product is always disabled
+ # unless explicitly asked for.
++option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+@@ -240,6 +241,7 @@ endif()
+ message(STATUS " ")
+
+ message(STATUS "Products:")
++message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}")
+ message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}")
+ message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}")
+ message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}")
+@@ -305,6 +307,9 @@ ssg_build_bash_remediation_functions()
+
+ ssg_build_man_page()
+
++if (SSG_PRODUCT_ALMALINUX8)
++ add_subdirectory("almalinux8")
++endif()
+ if (SSG_PRODUCT_CHROMIUM)
+ add_subdirectory("chromium")
+ endif()
+diff --git a/almalinux8/CMakeLists.txt b/almalinux8/CMakeLists.txt
+new file mode 100644
+index 00000000..60960dd2
+--- /dev/null
++++ b/almalinux8/CMakeLists.txt
+@@ -0,0 +1,27 @@
++# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the developer_guide.adoc for more details!")
++endif()
++
++set(PRODUCT "almalinux8")
++set(DISA_SRG_TYPE "os")
++
++ssg_build_product(${PRODUCT})
++
++ssg_build_html_table_by_ref(${PRODUCT} "nist")
++ssg_build_html_table_by_ref(${PRODUCT} "cui")
++# No CIS yet for AlmaLinux
++# ssg_build_html_table_by_ref(${PRODUCT} "cis")
++ssg_build_html_table_by_ref(${PRODUCT} "pcidss")
++ssg_build_html_table_by_ref(${PRODUCT} "anssi")
++
++ssg_build_html_nistrefs_table(${PRODUCT} "ospp")
++ssg_build_html_nistrefs_table(${PRODUCT} "stig")
++
++ssg_build_html_cce_table(${PRODUCT})
++
++ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE})
++
++ssg_build_html_stig_tables(${PRODUCT} "stig")
++
++#ssg_build_html_stig_tables(${PRODUCT} "ospp")
+diff --git a/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+new file mode 100644
+index 00000000..cda3e1ac
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+@@ -0,0 +1,163 @@
++# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
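Review bot: The comment `# No CIS yet for AlmaLinux` in almalinux8/CMakeLists.txt does not say what is missing, and it sits oddly next to the CIS kickstart this same patch adds, which selects `xccdf_org.ssgproject.content_profile_cis`. If only the CIS reference table is unavailable, the comment should say so, for example `# CIS reference table disabled: <reason>`; whether a CIS profile is defined for the product is not visible in this part of the patch. The trailing `#ssg_build_html_stig_tables(${PRODUCT} "ospp")` is commented-out code with no explanation and would be better deleted or given a one-line reason.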
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot enable device at a boot time
++# --device device to be activated and / or configured with the network command
++# --bootproto method to obtain networking configuration for device (default dhcp)
++# --noipv6 disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++# "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled reject incoming connections that are not in response to outbound requests
++# --ssh allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++# Important
++# Applying a security policy is not necessary on all systems. This screen should only be used
++# when a specific policy is mandated by your organization rules or government regulations.
++# Unlike most other commands, this add-on does not accept regular options, but uses key-value
++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++# Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++# The following keys are recognized by the add-on:
++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++# - If the content-type is scap-security-guide, the add-on will use content provided by the
++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++# xccdf-id - ID of the benchmark you want to use.
++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++# profile - ID of the profile to be applied. Use default to apply the default profile.
++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++# The following is an example %addon org_fedora_oscap section which uses content from the
++# scap-security-guide on the installation media:
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+new file mode 100644
+index 00000000..54abf703
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+@@ -0,0 +1,163 @@
++# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
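Review bot: The `rootpw`, `user --name=admin` and `bootloader --password` lines in ssg-almalinux8-anssi_bp28_enhanced-ks.cfg carry fixed hashes whose plaintext is printed in the comments directly above them (`server`, `admin123`, `password`), so a host installed from the unmodified file has publicly known root, wheel-group and boot-loader credentials while `firewall --enabled --ssh` leaves sshd reachable. Each of the three comments should state that the value is a sample and must be regenerated, e.g. `# SAMPLE ONLY: replace this hash before using the file for a real installation`. The same pattern of published sample credentials recurs in the intermediary, minimal and CIS kickstarts later in the patch. In the intermediary and minimal files the `# Plaintext password is: password` comment sits above `bootloader --location=mbr`, which sets no password, so there the comment describes a protection that is not configured.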
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot enable device at a boot time
++# --device device to be activated and / or configured with the network command
++# --bootproto method to obtain networking configuration for device (default dhcp)
++# --noipv6 disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++# "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled reject incoming connections that are not in response to outbound requests
++# --ssh allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++# Important
++# Applying a security policy is not necessary on all systems. This screen should only be used
++# when a specific policy is mandated by your organization rules or government regulations.
++# Unlike most other commands, this add-on does not accept regular options, but uses key-value
++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++# Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++# The following keys are recognized by the add-on:
++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++# - If the content-type is scap-security-guide, the add-on will use content provided by the
++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++# xccdf-id - ID of the benchmark you want to use.
++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++# profile - ID of the profile to be applied. Use default to apply the default profile.
++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++# The following is an example %addon org_fedora_oscap section which uses content from the
++# scap-security-guide on the installation media:
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+new file mode 100644
+index 00000000..2a12b048
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+@@ -0,0 +1,127 @@
++# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot enable device at a boot time
++# --device device to be activated and / or configured with the network command
++# --bootproto method to obtain networking configuration for device (default dhcp)
++# --noipv6 disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++# "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++# Important
++# Applying a security policy is not necessary on all systems. This screen should only be used
++# when a specific policy is mandated by your organization rules or government regulations.
++# Unlike most other commands, this add-on does not accept regular options, but uses key-value
++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++# Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++# The following keys are recognized by the add-on:
++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++# - If the content-type is scap-security-guide, the add-on will use content provided by the
++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++# xccdf-id - ID of the benchmark you want to use.
++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++# profile - ID of the profile to be applied. Use default to apply the default profile.
++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++# The following is an example %addon org_fedora_oscap section which uses content from the
++# scap-security-guide on the installation media:
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+new file mode 100644
+index 00000000..0073c5c1
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+@@ -0,0 +1,144 @@
++# SCAP Security Guide CIS profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2020-03-30
++#
++# Based on:
++# http://fedoraproject.org/wiki/Anaconda/Kickstart
++
++# Install a fresh new system (optional)
++install
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot enable device at a boot time
++# --device device to be activated and / or configured with the network command
++# --bootproto method to obtain networking configuration for device (default dhcp)
++# --noipv6 disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++# "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$rhel6usgcb$aS6oPGXcPKp3OtFArSrhRwu6sN8q2.yEGY7AIwDOQd23YCtiz9c5mXbid1BzX9bmXTEZi.hCzTEXFosVBI5ng0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled reject incoming connections that are not in response to outbound requests
++# --ssh allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++
++# Harden installation with CIS profile
++# For more details and configuration options see
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_cis
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+new file mode 100644
+index 00000000..0b08a08b
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+@@ -0,0 +1,167 @@
++# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
++#
++# Based on:
++# http://fedoraproject.org/wiki/Anaconda/Kickstart
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Install a fresh new system (optional)
++install
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. 
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. 
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" 
++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. 
Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cui ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg +new file mode 100644 +index 00000000..b11014a5 +--- /dev/null ++++ b/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg +@@ -0,0 +1,123 @@ ++# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8 ++# Version: 0.0.1 ++# Date: 2019-11-13 ++# ++# Based on: ++# http://fedoraproject.org/wiki/Anaconda/Kickstart ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 
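Review bot: The `rootpw` and `user --name=admin` lines in ssg-almalinux8-cui-ks.cfg carry fixed password hashes whose plaintexts (`server`, `admin123`) are printed in the comments directly above them, so a host installed from this file unmodified has publicly known root and wheel-group credentials. The e8, hipaa and ospp kickstarts later in this patch do the same, and so does `rootpw` in the pci-dss one. I would put a line above each credential such as `# SAMPLE CREDENTIAL: replace this hash before installing anything other than a throwaway test system`. Better still, ship a placeholder value that the user has to fill in.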
--dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. 
http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$rhel6usgcb$aS6oPGXcPKp3OtFArSrhRwu6sN8q2.yEGY7AIwDOQd23YCtiz9c5mXbid1BzX9bmXTEZi.hCzTEXFosVBI5ng0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# sssd profile sets sha512 to hash passwords ++# passwords are shadowed by default ++# See the manual page for authselect-profile for a complete list of possible options. ++authselect select sssd ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. 
http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with Essential Eight profile ++# For more details and configuration options see ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_e8 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg +new file mode 100644 +index 00000000..45d4701d +--- /dev/null ++++ b/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg +@@ -0,0 +1,123 @@ ++# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8 ++# Version: 0.0.1 ++# Date: 2020-05-25 ++# ++# Based on: ++# http://fedoraproject.org/wiki/Anaconda/Kickstart ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected 
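Review bot: The `bootloader` line in ssg-almalinux8-e8-ks.cfg passes a `$6$` crypt string to `--password=` without `--iscrypted`. As far as the pykickstart documentation describes it, the value is then taken as the plaintext, so the boot loader password would be the hash string itself and not `password` as the comment says. For GRUB2 the encrypted form is also expected to come from `grub2-mkpasswd-pbkdf2` rather than a sha512crypt hash. I would change the line to `bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --iscrypted --password=<grub.pbkdf2 hash (placeholder)>` and point the comment at that tool. The hipaa kickstart that follows has the identical line.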
choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. 
http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$rhel6usgcb$aS6oPGXcPKp3OtFArSrhRwu6sN8q2.yEGY7AIwDOQd23YCtiz9c5mXbid1BzX9bmXTEZi.hCzTEXFosVBI5ng0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# sssd profile sets sha512 to hash passwords ++# passwords are shadowed by default ++# See the manual page for authselect-profile for a complete list of possible options. ++authselect select sssd ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. 
http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with HIPAA profile ++# For more details and configuration options see ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_hipaa ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg +new file mode 100644 +index 00000000..42f01004 +--- /dev/null ++++ b/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg +@@ -0,0 +1,167 @@ ++# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8 ++# ++# Based on: ++# http://fedoraproject.org/wiki/Anaconda/Kickstart ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update 
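Review bot: The NOTE above the `network` line in ssg-almalinux8-hipaa-ks.cfg cites `CCE-27021-5 (DISA FSO RHEL-06-000292)`, which are RHEL 6 identifiers and look carried over from an older kickstart, so a reader cannot map them to a rule in the AlmaLinux 8 content. `--device eth0` is also likely to miss on EL8 hosts that use predictable interface names (this depends on hardware and boot options), while the cui, ospp and pci-dss files omit `--device`. I would drop the RHEL 6 reference, or replace it with the rule id the selected profile uses, and write `network --onboot yes --bootproto dhcp --noipv6`. The same NOTE is repeated in the e8, cui and ospp kickstarts.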
++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. 
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. 
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" 
++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. 
Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_ospp ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg +new file mode 100644 +index 00000000..5c47d1ce +--- /dev/null ++++ b/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg +@@ -0,0 +1,157 @@ ++# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8 ++# ++# Based on: ++# http://fedoraproject.org/wiki/Anaconda/Kickstart ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local 
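Review bot: The comment above `bootloader` in ssg-almalinux8-ospp-ks.cfg still explains how to create an encrypted password and links the `#rootpw` anchor, but the command sets no `--password`. The installed system therefore has no boot loader password, and the `audit=1 ...` kernel arguments are not protected against changes at the boot menu. If the OSPP profile selects a boot loader password rule (not visible in this hunk), a fresh install would fail it until one is set by hand. I would either add `--iscrypted --password=<grub.pbkdf2 hash (placeholder)>` or replace the comment with `# No boot loader password is set here; set one with grub2-setpassword after installation`. The cui kickstart has the same block.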
drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. 
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++#
++# PASSWORD TEMPORARILY DISABLED
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0
++
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=12288 --grow
++# CCE-26557-9: Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26435-8: Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# CCE-26639-5: Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev"
++# CCE-26215-4: Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++# Important
++# Applying a security policy is not necessary on all systems. This screen should only be used
++# when a specific policy is mandated by your organization rules or government regulations.
++# Unlike most other commands, this add-on does not accept regular options, but uses key-value
++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++# Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++# The following keys are recognized by the add-on:
++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++# - If the content-type is scap-security-guide, the add-on will use content provided by the
++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++# xccdf-id - ID of the benchmark you want to use.
++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++# profile - ID of the profile to be applied. Use default to apply the default profile.
++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++# The following is an example %addon org_fedora_oscap section which uses content from the
++# scap-security-guide on the installation media:
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_pci-dss
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+new file mode 100644
+index 00000000..b8c16118
+--- /dev/null
++++ b/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+@@ -0,0 +1,167 @@
++# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
++#
++# Based on:
++# http://fedoraproject.org/wiki/Anaconda/Kickstart
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Install a fresh new system (optional)
++install
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot enable device at a boot time
++# --device device to be activated and / or configured with the network command
++# --bootproto method to obtain networking configuration for device (default dhcp)
++# --noipv6 disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++# "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled reject incoming connections that are not in response to outbound requests
++# --ssh allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow enable shadowed passwords by default
++# --passalgo hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Refer to e.g.
++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux erase all Linux partitions
++# --initlabel initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++# Important
++# Applying a security policy is not necessary on all systems. This screen should only be used
++# when a specific policy is mandated by your organization rules or government regulations.
++# Unlike most other commands, this add-on does not accept regular options, but uses key-value
++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++# Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++# The following keys are recognized by the add-on:
++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++# - If the content-type is scap-security-guide, the add-on will use content provided by the
++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++# xccdf-id - ID of the benchmark you want to use.
++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++# profile - ID of the profile to be applied. Use default to apply the default profile.
++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++# The following is an example %addon org_fedora_oscap section which uses content from the
++# scap-security-guide on the installation media:
++%addon org_fedora_oscap
++ content-type = scap-security-guide
++ profile = xccdf_org.ssgproject.content_profile_stig
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/almalinux8/overlays/srg_support.xml b/almalinux8/overlays/srg_support.xml
+new file mode 100644
+index 00000000..0bb5a068
+--- /dev/null
++++ b/almalinux8/overlays/srg_support.xml
+@@ -0,0 +1,173 @@
++
+diff --git a/almalinux8/overlays/stig_overlay.xml b/almalinux8/overlays/stig_overlay.xml
+new file mode 100644
+index 00000000..e3f25757
+--- /dev/null
++++ b/almalinux8/overlays/stig_overlay.xml
+@@ -0,0 +1,1367 @@
++
++
++
++
++
++ </overlay>
++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010010" disa="366" severity="medium">
++ <VMSinfo VKey="230222" SVKey="230222r5997" VRelease="r599732"/>
++ <title text="AlmaLinux 8 vendor packaged system security patches and updates must be installed and up to date."/>
++ </overlay>
++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010020" disa="68" severity="high">
++ <VMSinfo VKey="230223" SVKey="230223r5997" VRelease="r599732"/>
++ <title text="AlmaLinux 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives,
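Review bot: The `rootpw --iscrypted …` and `user --name=admin --groups=wheel …` lines in ssg-almalinux8-stig-ks.cfg carry fixed SHA-512 hashes whose plaintexts are printed in the comments right above them (`server`, `admin123`), while `firewall --enabled --ssh` in the same file lets sshd through, so a system installed from the unmodified file accepts documented credentials for a wheel member. Mark both as samples where they are set, e.g. `# SAMPLE HASH: replace before any non-test installation`, or ship `rootpw --lock` and a clearly labelled placeholder for the admin hash. Separately, the `bootloader` line sets no `--password` even though the comment above it links to the hash-generation docs; the overlay added later in this patch lists boot-loader authentication items (RHEL-08-010140, RHEL-08-010150), so a comment stating that this is presumably left to the profile's remediation or to the operator would avoid the impression that it is covered here.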
policies, regulations, and standards."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010030" disa="1199" severity="medium"> ++ <VMSinfo VKey="230224" SVKey="230224r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010040" disa="48" severity="medium"> ++ <VMSinfo VKey="230225" SVKey="230225r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a ssh logon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010050" disa="48" severity="medium"> ++ <VMSinfo VKey="230226" SVKey="230226r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010060" disa="48" severity="medium"> ++ <VMSinfo VKey="230227" SVKey="230227r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010070" disa="67" severity="medium"> ++ <VMSinfo VKey="230228" SVKey="230228r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 remote access methods must be monitored."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010090" disa="185" severity="medium"> ++ <VMSinfo VKey="230229" SVKey="230229r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8, for PKI-based authentication, must validate 
certificates by constructing a certification path (which includes status information) to an accepted trust anchor."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010100" disa="186" severity="medium"> ++ <VMSinfo VKey="230230" SVKey="230230r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8, for certificate-based authentication, must enforce authorized access to the corresponding private key."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010110" disa="196" severity="medium"> ++ <VMSinfo VKey="230231" SVKey="230231r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010120" disa="196" severity="medium"> ++ <VMSinfo VKey="230232" SVKey="230232r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010130" disa="196" severity="medium"> ++ <VMSinfo VKey="230233" SVKey="230233r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all created passwords."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010140" disa="213" severity="high"> ++ <VMSinfo VKey="230234" SVKey="230234r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010150" disa="213" severity="high"> ++ <VMSinfo VKey="230235" SVKey="230235r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 operating systems booted with a BIOS must require authentication upon booting 
into single-user and maintenance modes."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010151" disa="213" severity="medium"> ++ <VMSinfo VKey="230236" SVKey="230236r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 operating systems must require authentication upon booting into emergency or rescue modes."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010160" disa="803" severity="medium"> ++ <VMSinfo VKey="230237" SVKey="230237r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010161" disa="803" severity="medium"> ++ <VMSinfo VKey="230238" SVKey="230238r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent system daemons from using Kerberos for authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010162" disa="803" severity="medium"> ++ <VMSinfo VKey="230239" SVKey="230239r5997" VRelease="r599732"/> ++ <title text="The krb5-workstation package must not be installed on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010170" disa="1084" severity="medium"> ++ <VMSinfo VKey="230240" SVKey="230240r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use a Linux Security Module configured to enforce limits on system services."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010171" disa="1084" severity="low"> ++ <VMSinfo VKey="230241" SVKey="230241r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must have policycoreutils package installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010180" disa="1090" severity="medium"> ++ <VMSinfo VKey="230242" SVKey="230242r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 public directories must be 
owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010190" disa="1090" severity="medium"> ++ <VMSinfo VKey="230243" SVKey="230243r5997" VRelease="r599732"/> ++ <title text="A sticky bit must be set on all AlmaLinux 8 public directories to prevent unauthorized and unintended information transferred via shared system resources."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010200" disa="1133" severity="medium"> ++ <VMSinfo VKey="230244" SVKey="230244r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010210" disa="1314" severity="medium"> ++ <VMSinfo VKey="230245" SVKey="230245r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log/messages file must have mode 0640 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010220" disa="1314" severity="medium"> ++ <VMSinfo VKey="230246" SVKey="230246r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log/messages file must be owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010230" disa="1314" severity="medium"> ++ <VMSinfo VKey="230247" SVKey="230247r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log/messages file must be group-owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010240" disa="1314" severity="medium"> ++ <VMSinfo VKey="230248" SVKey="230248r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log directory must have mode 0755 or less permissive."/> ++ 
</overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010250" disa="1314" severity="medium"> ++ <VMSinfo VKey="230249" SVKey="230249r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log directory must be owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010260" disa="1314" severity="medium"> ++ <VMSinfo VKey="230250" SVKey="230250r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 /var/log directory must be group-owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010290" disa="1453" severity="medium"> ++ <VMSinfo VKey="230251" SVKey="230251r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010291" disa="1453" severity="medium"> ++ <VMSinfo VKey="230252" SVKey="230252r5997" VRelease="r599778"/> ++ <title text="The AlmaLinux 8 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010292" disa="366" severity="low"> ++ <VMSinfo VKey="230253" SVKey="230253r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must ensure the SSH server uses strong entropy."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010293" disa="1453" severity="medium"> ++ <VMSinfo VKey="230254" SVKey="230254r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 operating system must implement DoD-approved encryption in the OpenSSL package."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010294" disa="1453" severity="medium"> ++ <VMSinfo VKey="230255" SVKey="230255r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 operating system must implement 
DoD-approved TLS encryption in the OpenSSL package."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010295" disa="1453" severity="medium"> ++ <VMSinfo VKey="230256" SVKey="230256r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010300" disa="1499" severity="medium"> ++ <VMSinfo VKey="230257" SVKey="230257r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 system commands must have mode 0755 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010310" disa="1499" severity="medium"> ++ <VMSinfo VKey="230258" SVKey="230258r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 system commands must be owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010320" disa="1499" severity="medium"> ++ <VMSinfo VKey="230259" SVKey="230259r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 system commands must be group-owned by root or a system account."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010330" disa="1499" severity="medium"> ++ <VMSinfo VKey="230260" SVKey="230260r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 library files must have mode 0755 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010340" disa="1499" severity="medium"> ++ <VMSinfo VKey="230261" SVKey="230261r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 library files must be owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010350" disa="1499" severity="medium"> ++ <VMSinfo VKey="230262" SVKey="230262r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 library files must be group-owned by root or a system account."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" 
ownerid="RHEL-08-010360" disa="1744" severity="medium"> ++ <VMSinfo VKey="230263" SVKey="230263r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010370" disa="1749" severity="high"> ++ <VMSinfo VKey="230264" SVKey="230264r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010371" disa="1749" severity="high"> ++ <VMSinfo VKey="230265" SVKey="230265r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010372" disa="1749" severity="medium"> ++ <VMSinfo VKey="230266" SVKey="230266r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent the loading of a new kernel for later execution."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010373" disa="2165" severity="medium"> ++ <VMSinfo VKey="230267" SVKey="230267r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable kernel parameters to enforce discretionary access control on symlinks."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010374" disa="2165" severity="medium"> ++ <VMSinfo VKey="230268" SVKey="230268r5998" VRelease="r599818"/> ++ <title text="AlmaLinux 8 must enable kernel parameters to enforce discretionary access control on hardlinks."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010375" disa="1090" severity="low"> ++ <VMSinfo VKey="230269" SVKey="230269r5998" VRelease="r599820"/> ++ <title text="AlmaLinux 8 must restrict access to the kernel message buffer."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010376" disa="1090" severity="low"> ++ <VMSinfo VKey="230270" SVKey="230270r5998" VRelease="r599823"/> ++ <title text="AlmaLinux 8 must prevent kernel profiling by unprivileged users."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010380" disa="2038" severity="medium"> ++ <VMSinfo VKey="230271" SVKey="230271r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require users to provide a password for privilege escalation."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010381" disa="2038" severity="medium"> ++ <VMSinfo VKey="230272" SVKey="230272r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require users to reauthenticate for privilege escalation."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010390" disa="1948" severity="medium"> ++ <VMSinfo VKey="230273" SVKey="230273r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must have the packages required for multifactor authentication installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010400" disa="1948" severity="medium"> ++ <VMSinfo VKey="230274" SVKey="230274r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must implement certificate status checking for multifactor authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010410" 
disa="1953" severity="medium"> ++ <VMSinfo VKey="230275" SVKey="230275r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must accept Personal Identity Verification (PIV) credentials."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010420" disa="2824" severity="medium"> ++ <VMSinfo VKey="230276" SVKey="230276r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must implement non-executable data to protect its memory from unauthorized code execution."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010421" disa="1084" severity="medium"> ++ <VMSinfo VKey="230277" SVKey="230277r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must clear the page allocator to prevent use-after-free attacks."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010422" disa="1084" severity="medium"> ++ <VMSinfo VKey="230278" SVKey="230278r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable virtual syscalls."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010423" disa="1084" severity="medium"> ++ <VMSinfo VKey="230279" SVKey="230279r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must clear SLUB/SLAB objects to prevent use-after-free attacks."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010430" disa="2824" severity="medium"> ++ <VMSinfo VKey="230280" SVKey="230280r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010440" disa="2617" severity="low"> ++ <VMSinfo VKey="230281" SVKey="230281r5997" VRelease="r599732"/> ++ <title text="YUM must remove all software components after updated versions have been installed on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010450" disa="2696" 
severity="medium"> ++ <VMSinfo VKey="230282" SVKey="230282r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable the SELinux targeted policy."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010460" disa="366" severity="high"> ++ <VMSinfo VKey="230283" SVKey="230283r5997" VRelease="r599732"/> ++ <title text="There must be no shosts.equiv files on the AlmaLinux 8 operating system."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010470" disa="366" severity="high"> ++ <VMSinfo VKey="230284" SVKey="230284r5997" VRelease="r599732"/> ++ <title text="There must be no .shosts files on the AlmaLinux 8 operating system."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010471" disa="366" severity="low"> ++ <VMSinfo VKey="230285" SVKey="230285r5997" VRelease="r599779"/> ++ <title text="AlmaLinux 8 must enable the hardware random number generator entropy gatherer service."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010480" disa="366" severity="medium"> ++ <VMSinfo VKey="230286" SVKey="230286r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH public host key files must have mode 0644 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010490" disa="366" severity="medium"> ++ <VMSinfo VKey="230287" SVKey="230287r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH private host key files must have mode 0640 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010500" disa="366" severity="medium"> ++ <VMSinfo VKey="230288" SVKey="230288r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must perform strict mode checking of home directory configuration files."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010510" disa="366" severity="medium"> ++ <VMSinfo VKey="230289" SVKey="230289r5997" 
VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must not allow compression or must only allow compression after successful authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010520" disa="366" severity="medium"> ++ <VMSinfo VKey="230290" SVKey="230290r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must not allow authentication using known host’s authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010521" disa="366" severity="medium"> ++ <VMSinfo VKey="230291" SVKey="230291r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must not allow unused methods of authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010540" disa="366" severity="low"> ++ <VMSinfo VKey="230292" SVKey="230292r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use a separate file system for /var."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010541" disa="366" severity="low"> ++ <VMSinfo VKey="230293" SVKey="230293r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use a separate file system for /var/log."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010542" disa="366" severity="low"> ++ <VMSinfo VKey="230294" SVKey="230294r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use a separate file system for the system audit data path."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010543" disa="366" severity="medium"> ++ <VMSinfo VKey="230295" SVKey="230295r5997" VRelease="r599732"/> ++ <title text="A separate AlmaLinux 8 filesystem must be used for the /tmp directory."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010550" disa="770" severity="medium"> ++ <VMSinfo VKey="230296" SVKey="230296r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not permit direct 
logons to the root account using remote access via SSH."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010560" disa="366" severity="medium"> ++ <VMSinfo VKey="230297" SVKey="230297r5997" VRelease="r599732"/> ++ <title text="The auditd service must be running in AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010561" disa="366" severity="medium"> ++ <VMSinfo VKey="230298" SVKey="230298r5997" VRelease="r599732"/> ++ <title text="The rsyslog service must be running in AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010570" disa="366" severity="medium"> ++ <VMSinfo VKey="230299" SVKey="230299r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010571" disa="366" severity="medium"> ++ <VMSinfo VKey="230300" SVKey="230300r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010580" disa="366" severity="medium"> ++ <VMSinfo VKey="230301" SVKey="230301r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent special devices on non-root local partitions."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010590" disa="366" severity="medium"> ++ <VMSinfo VKey="230302" SVKey="230302r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent code from being executed on file systems that contain user home directories."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010600" disa="366" severity="medium"> ++ <VMSinfo VKey="230303" SVKey="230303r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent special 
devices on file systems that are used with removable media."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010610" disa="366" severity="medium"> ++ <VMSinfo VKey="230304" SVKey="230304r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent code from being executed on file systems that are used with removable media."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010620" disa="366" severity="medium"> ++ <VMSinfo VKey="230305" SVKey="230305r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010630" disa="366" severity="medium"> ++ <VMSinfo VKey="230306" SVKey="230306r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent code from being executed on file systems that are imported via Network File System (NFS)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010640" disa="366" severity="medium"> ++ <VMSinfo VKey="230307" SVKey="230307r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent special devices on file systems that are imported via Network File System (NFS)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010650" disa="366" severity="medium"> ++ <VMSinfo VKey="230308" SVKey="230308r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010660" disa="366" severity="medium"> ++ <VMSinfo VKey="230309" SVKey="230309r5997" VRelease="r599732"/> ++ <title text="Local AlmaLinux 8 initialization files must not execute world-writable programs."/> ++ </overlay> ++ <overlay owner="disastig" 
ruleid="XXXX" ownerid="RHEL-08-010670" disa="366" severity="medium"> ++ <VMSinfo VKey="230310" SVKey="230310r5997" VRelease="r599780"/> ++ <title text="AlmaLinux 8 must disable kernel dumps unless needed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010671" disa="366" severity="medium"> ++ <VMSinfo VKey="230311" SVKey="230311r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the kernel.core_pattern."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010672" disa="366" severity="medium"> ++ <VMSinfo VKey="230312" SVKey="230312r5997" VRelease="r599782"/> ++ <title text="AlmaLinux 8 must disable acquiring, saving, and processing core dumps."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010673" disa="366" severity="medium"> ++ <VMSinfo VKey="230313" SVKey="230313r5997" VRelease="r599784"/> ++ <title text="AlmaLinux 8 must disable core dumps for all users."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010674" disa="366" severity="medium"> ++ <VMSinfo VKey="230314" SVKey="230314r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable storing core dumps."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010675" disa="366" severity="medium"> ++ <VMSinfo VKey="230315" SVKey="230315r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable core dump backtraces."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010680" disa="366" severity="medium"> ++ <VMSinfo VKey="230316" SVKey="230316r5997" VRelease="r599732"/> ++ <title text="For AlmaLinux 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010690" disa="366" severity="medium"> ++ <VMSinfo VKey="230317" SVKey="230317r5997" VRelease="r599732"/> ++ <title text="Executable search paths within 
the initialization files of all local interactive AlmaLinux 8 users must only contain paths that resolve to the system default or the users home directory."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010700" disa="366" severity="medium"> ++ <VMSinfo VKey="230318" SVKey="230318r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 world-writable directories must be owned by root, sys, bin, or an application group."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010710" disa="366" severity="medium"> ++ <VMSinfo VKey="230319" SVKey="230319r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 world-writable directories must be group-owned by root, sys, bin, or an application group."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010720" disa="366" severity="medium"> ++ <VMSinfo VKey="230320" SVKey="230320r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local interactive users must have a home directory assigned in the /etc/passwd file."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010730" disa="366" severity="medium"> ++ <VMSinfo VKey="230321" SVKey="230321r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local interactive user home directories must have mode 0750 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010740" disa="366" severity="medium"> ++ <VMSinfo VKey="230322" SVKey="230322r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local interactive user home directories must be group-owned by the home directory owner’s primary group."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010750" disa="366" severity="medium"> ++ <VMSinfo VKey="230323" SVKey="230323r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local interactive user home directories defined in the /etc/passwd file must exist."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010760" disa="366" severity="medium"> ++ <VMSinfo VKey="230324" SVKey="230324r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local interactive user accounts must be assigned a home directory upon creation."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010770" disa="366" severity="medium"> ++ <VMSinfo VKey="230325" SVKey="230325r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local initialization files must have mode 0740 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010780" disa="366" severity="medium"> ++ <VMSinfo VKey="230326" SVKey="230326r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local files and directories must have a valid owner."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010790" disa="366" severity="medium"> ++ <VMSinfo VKey="230327" SVKey="230327r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 local files and directories must have a valid group owner."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010800" disa="366" severity="medium"> ++ <VMSinfo VKey="230328" SVKey="230328r5997" VRelease="r599732"/> ++ <title text="A separate AlmaLinux 8 filesystem must be used for user home directories (such as /home or an equivalent)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010820" disa="366" severity="high"> ++ <VMSinfo VKey="230329" SVKey="230329r5997" VRelease="r599732"/> ++ <title text="Unattended or automatic logon via the AlmaLinux 8 graphical user interface must not be allowed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010830" disa="366" severity="medium"> ++ <VMSinfo VKey="230330" SVKey="230330r5997" VRelease="r599732"/> ++ <title text="Unattended or automatic logon to AlmaLinux 8 via ssh must not be allowed."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020000" disa="16" severity="medium"> ++ <VMSinfo VKey="230331" SVKey="230331r5998" VRelease="r599824"/> ++ <title text="AlmaLinux 8 temporary user accounts must be provisioned with an expiration time of 72 hours or less."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020010" disa="44" severity="medium"> ++ <VMSinfo VKey="230332" SVKey="230332r5998" VRelease="r599827"/> ++ <title text="AlmaLinux 8 must automatically lock an account when three unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020011" disa="44" severity="medium"> ++ <VMSinfo VKey="230333" SVKey="230333r5998" VRelease="r599828"/> ++ <title text="AlmaLinux 8 must automatically lock an account when three unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020012" disa="44" severity="medium"> ++ <VMSinfo VKey="230334" SVKey="230334r5998" VRelease="r599829"/> ++ <title text="AlmaLinux 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020013" disa="44" severity="medium"> ++ <VMSinfo VKey="230335" SVKey="230335r5998" VRelease="r599830"/> ++ <title text="AlmaLinux 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020014" disa="44" severity="medium"> ++ <VMSinfo VKey="230336" SVKey="230336r5998" VRelease="r599831"/> ++ <title text="AlmaLinux 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020015" disa="44" severity="medium"> ++ <VMSinfo 
VKey="230337" SVKey="230337r5998" VRelease="r599832"/> ++ <title text="AlmaLinux 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020016" disa="44" severity="medium"> ++ <VMSinfo VKey="230338" SVKey="230338r5998" VRelease="r599833"/> ++ <title text="AlmaLinux 8 must ensure account lockouts persist."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020017" disa="44" severity="medium"> ++ <VMSinfo VKey="230339" SVKey="230339r5998" VRelease="r599834"/> ++ <title text="AlmaLinux 8 must ensure account lockouts persist."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020018" disa="44" severity="medium"> ++ <VMSinfo VKey="230340" SVKey="230340r5998" VRelease="r599835"/> ++ <title text="AlmaLinux 8 must prevent system messages from being presented when three unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020019" disa="44" severity="medium"> ++ <VMSinfo VKey="230341" SVKey="230341r5998" VRelease="r599836"/> ++ <title text="AlmaLinux 8 must prevent system messages from being presented when three unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020020" disa="44" severity="medium"> ++ <VMSinfo VKey="230342" SVKey="230342r5998" VRelease="r599837"/> ++ <title text="AlmaLinux 8 must log user name information when unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020021" disa="44" severity="medium"> ++ <VMSinfo VKey="230343" SVKey="230343r5998" VRelease="r599838"/> ++ <title text="AlmaLinux 8 must log user name information when unsuccessful logon attempts occur."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" 
ownerid="RHEL-08-020022" disa="44" severity="medium"> ++ <VMSinfo VKey="230344" SVKey="230344r5998" VRelease="r599839"/> ++ <title text="AlmaLinux 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020023" disa="44" severity="medium"> ++ <VMSinfo VKey="230345" SVKey="230345r5998" VRelease="r599840"/> ++ <title text="AlmaLinux 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020024" disa="54" severity="low"> ++ <VMSinfo VKey="230346" SVKey="230346r5997" VRelease="r599786"/> ++ <title text="AlmaLinux 8 must limit the number of concurrent sessions to ten for all accounts and/or account types."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020030" disa="56" severity="medium"> ++ <VMSinfo VKey="230347" SVKey="230347r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020040" disa="56" severity="medium"> ++ <VMSinfo VKey="230348" SVKey="230348r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020041" disa="56" severity="medium"> ++ <VMSinfo VKey="230349" SVKey="230349r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must ensure 
session control is automatically started at shell initialization."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020042" disa="56" severity="low"> ++ <VMSinfo VKey="230350" SVKey="230350r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent users from disabling session control mechanisms."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020050" disa="56" severity="medium"> ++ <VMSinfo VKey="230351" SVKey="230351r5997" VRelease="r599792"/> ++ <title text="AlmaLinux 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020060" disa="57" severity="medium"> ++ <VMSinfo VKey="230352" SVKey="230352r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must automatically lock graphical user sessions after 15 minutes of inactivity."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020070" disa="57" severity="medium"> ++ <VMSinfo VKey="230353" SVKey="230353r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must automatically lock command line user sessions after 15 minutes of inactivity."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020080" disa="57" severity="medium"> ++ <VMSinfo VKey="230354" SVKey="230354r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent a user from overriding graphical user interface settings."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020090" disa="187" severity="medium"> ++ <VMSinfo VKey="230355" SVKey="230355r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must map the authenticated identity to the user or group account for PKI-based authentication."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020100" disa="192" severity="medium"> ++ <VMSinfo VKey="230356" SVKey="230356r5997" 
VRelease="r599732"/> ++ <title text="AlmaLinux 8 must ensure a password complexity module is enabled."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020110" disa="192" severity="medium"> ++ <VMSinfo VKey="230357" SVKey="230357r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enforce password complexity by requiring that at least one uppercase character be used."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020120" disa="193" severity="medium"> ++ <VMSinfo VKey="230358" SVKey="230358r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enforce password complexity by requiring that at least one lower-case character be used."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020130" disa="194" severity="medium"> ++ <VMSinfo VKey="230359" SVKey="230359r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enforce password complexity by requiring that at least one numeric character be used."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020140" disa="195" severity="medium"> ++ <VMSinfo VKey="230360" SVKey="230360r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020150" disa="195" severity="medium"> ++ <VMSinfo VKey="230361" SVKey="230361r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require the maximum number of repeating characters be limited to three when passwords are changed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020160" disa="195" severity="medium"> ++ <VMSinfo VKey="230362" SVKey="230362r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require the change of at least four character classes when passwords are changed."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020170" disa="195" severity="medium"> ++ <VMSinfo VKey="230363" SVKey="230363r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must require the change of at least 8 characters when passwords are changed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020180" disa="198" severity="medium"> ++ <VMSinfo VKey="230364" SVKey="230364r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020190" disa="198" severity="medium"> ++ <VMSinfo VKey="230365" SVKey="230365r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020200" disa="199" severity="medium"> ++ <VMSinfo VKey="230366" SVKey="230366r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 user account passwords must have a 60-day maximum password lifetime restriction."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020210" disa="199" severity="medium"> ++ <VMSinfo VKey="230367" SVKey="230367r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020220" disa="200" severity="medium"> ++ <VMSinfo VKey="230368" SVKey="230368r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 passwords must be prohibited from reuse for a minimum of five generations."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020230" disa="205" severity="medium"> ++ <VMSinfo VKey="230369" SVKey="230369r5997" VRelease="r599732"/> ++ <title 
text="AlmaLinux 8 passwords must have a minimum of 15 characters."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020231" disa="205" severity="medium"> ++ <VMSinfo VKey="230370" SVKey="230370r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 passwords for new users must have a minimum of 15 characters."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020240" disa="764" severity="medium"> ++ <VMSinfo VKey="230371" SVKey="230371r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 duplicate User IDs (UIDs) must not exist for interactive users."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020250" disa="765" severity="medium"> ++ <VMSinfo VKey="230372" SVKey="230372r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must implement smart card logon for multifactor authentication for access to interactive accounts."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020260" disa="795" severity="medium"> ++ <VMSinfo VKey="230373" SVKey="230373r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020270" disa="1682" severity="medium"> ++ <VMSinfo VKey="230374" SVKey="230374r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020280" disa="1619" severity="medium"> ++ <VMSinfo VKey="230375" SVKey="230375r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 passwords must contain at least one special character."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020290" disa="2007" severity="medium"> ++ <VMSinfo VKey="230376" SVKey="230376r5997" 
VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prohibit the use of cached authentications after one day."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020300" disa="366" severity="medium"> ++ <VMSinfo VKey="230377" SVKey="230377r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent the use of dictionary words for passwords."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020310" disa="366" severity="medium"> ++ <VMSinfo VKey="230378" SVKey="230378r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020320" disa="366" severity="medium"> ++ <VMSinfo VKey="230379" SVKey="230379r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have unnecessary accounts."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020330" disa="366" severity="high"> ++ <VMSinfo VKey="230380" SVKey="230380r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have accounts configured with blank or null passwords."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020340" disa="366" severity="low"> ++ <VMSinfo VKey="230381" SVKey="230381r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must display the date and time of the last successful account logon upon logon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020350" disa="366" severity="medium"> ++ <VMSinfo VKey="230382" SVKey="230382r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must display the date and time of the last successful account logon upon an SSH logon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020351" disa="366" severity="medium"> ++ <VMSinfo VKey="230383" SVKey="230383r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 
8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020352" disa="366" severity="medium"> ++ <VMSinfo VKey="230384" SVKey="230384r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must set the umask value to 077 for all local interactive user accounts."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020353" disa="366" severity="medium"> ++ <VMSinfo VKey="230385" SVKey="230385r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must define default permissions for logon and non-logon shells."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030000" disa="2233" severity="medium"> ++ <VMSinfo VKey="230386" SVKey="230386r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030010" disa="366" severity="medium"> ++ <VMSinfo VKey="230387" SVKey="230387r5997" VRelease="r599732"/> ++ <title text="Cron logging must be implemented in AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030020" disa="139" severity="medium"> ++ <VMSinfo VKey="230388" SVKey="230388r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030030" disa="139" severity="medium"> ++ <VMSinfo VKey="230389" SVKey="230389r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have 
mail aliases to be notified of an audit processing failure."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030040" disa="140" severity="medium"> ++ <VMSinfo VKey="230390" SVKey="230390r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 System must take appropriate action when an audit processing failure occurs."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030050" disa="140" severity="medium"> ++ <VMSinfo VKey="230391" SVKey="230391r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted when the audit storage volume is full."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030060" disa="140" severity="medium"> ++ <VMSinfo VKey="230392" SVKey="230392r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must take appropriate action when the audit storage volume is full."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030061" disa="366" severity="medium"> ++ <VMSinfo VKey="230393" SVKey="230393r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must audit local events."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030062" disa="1851" severity="medium"> ++ <VMSinfo VKey="230394" SVKey="230394r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must label all off-loaded audit logs before sending them to the central log server."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030063" disa="366" severity="low"> ++ <VMSinfo VKey="230395" SVKey="230395r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must resolve audit information before writing to disk."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030070" disa="162" severity="medium"> ++ <VMSinfo VKey="230396" SVKey="230396r5997" VRelease="r599732"/> ++ 
<title text="AlmaLinux 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030080" disa="162" severity="medium"> ++ <VMSinfo VKey="230397" SVKey="230397r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit logs must be owned by root to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030090" disa="162" severity="medium"> ++ <VMSinfo VKey="230398" SVKey="230398r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit logs must be group-owned by root to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030100" disa="162" severity="medium"> ++ <VMSinfo VKey="230399" SVKey="230399r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit log directory must be owned by root to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030110" disa="162" severity="medium"> ++ <VMSinfo VKey="230400" SVKey="230400r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit log directory must be group-owned by root to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030120" disa="162" severity="medium"> ++ <VMSinfo VKey="230401" SVKey="230401r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030121" disa="162" severity="medium"> ++ <VMSinfo VKey="230402" SVKey="230402r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit system must protect auditing rules from unauthorized change."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030122" disa="162" severity="medium"> ++ <VMSinfo VKey="230403" 
SVKey="230403r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit system must protect logon UIDs from unauthorized change."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030130" disa="169" severity="medium"> ++ <VMSinfo VKey="230404" SVKey="230404r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030140" disa="169" severity="medium"> ++ <VMSinfo VKey="230405" SVKey="230405r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030150" disa="169" severity="medium"> ++ <VMSinfo VKey="230406" SVKey="230406r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030160" disa="169" severity="medium"> ++ <VMSinfo VKey="230407" SVKey="230407r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030170" disa="169" severity="medium"> ++ <VMSinfo VKey="230408" SVKey="230408r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030171" disa="169" severity="medium"> ++ <VMSinfo VKey="230409" SVKey="230409r5997" 
VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030172" disa="169" severity="medium"> ++ <VMSinfo VKey="230410" SVKey="230410r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030180" disa="169" severity="medium"> ++ <VMSinfo VKey="230411" SVKey="230411r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030190" disa="169" severity="medium"> ++ <VMSinfo VKey="230412" SVKey="230412r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the su command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030200" disa="169" severity="medium"> ++ <VMSinfo VKey="230413" SVKey="230413r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit any usage of the lremovexattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030210" disa="169" severity="medium"> ++ <VMSinfo VKey="230414" SVKey="230414r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit any usage of the removexattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030220" disa="169" severity="medium"> ++ <VMSinfo VKey="230415" SVKey="230415r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system 
must be configured to audit any usage of the lsetxattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030230" disa="169" severity="medium"> ++ <VMSinfo VKey="230416" SVKey="230416r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit any usage of the fsetxattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030240" disa="169" severity="medium"> ++ <VMSinfo VKey="230417" SVKey="230417r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit any usage of the fremovexattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030250" disa="169" severity="medium"> ++ <VMSinfo VKey="230418" SVKey="230418r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chage command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030260" disa="169" severity="medium"> ++ <VMSinfo VKey="230419" SVKey="230419r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chcon command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030270" disa="169" severity="medium"> ++ <VMSinfo VKey="230420" SVKey="230420r5997" VRelease="r599794"/> ++ <title text="The AlmaLinux 8 audit system must be configured to audit any usage of the setxattr system call."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030280" disa="169" severity="medium"> ++ <VMSinfo VKey="230421" SVKey="230421r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the ssh-agent in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030290" disa="169" severity="medium"> ++ <VMSinfo VKey="230422" SVKey="230422r5997" 
VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the passwd command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030300" disa="169" severity="medium"> ++ <VMSinfo VKey="230423" SVKey="230423r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the mount command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030301" disa="169" severity="medium"> ++ <VMSinfo VKey="230424" SVKey="230424r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the umount command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030302" disa="169" severity="medium"> ++ <VMSinfo VKey="230425" SVKey="230425r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the mount syscall in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030310" disa="169" severity="medium"> ++ <VMSinfo VKey="230426" SVKey="230426r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the unix_update in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030311" disa="169" severity="medium"> ++ <VMSinfo VKey="230427" SVKey="230427r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of postdrop in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030312" disa="169" severity="medium"> ++ <VMSinfo VKey="230428" SVKey="230428r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of postqueue in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030313" disa="169" severity="medium"> ++ 
<VMSinfo VKey="230429" SVKey="230429r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of semanage in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030314" disa="169" severity="medium"> ++ <VMSinfo VKey="230430" SVKey="230430r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of setfiles in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030315" disa="169" severity="medium"> ++ <VMSinfo VKey="230431" SVKey="230431r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of userhelper in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030316" disa="169" severity="medium"> ++ <VMSinfo VKey="230432" SVKey="230432r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of setsebool in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030317" disa="169" severity="medium"> ++ <VMSinfo VKey="230433" SVKey="230433r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of unix_chkpwd in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030320" disa="169" severity="medium"> ++ <VMSinfo VKey="230434" SVKey="230434r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the ssh-keysign in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030330" disa="169" severity="medium"> ++ <VMSinfo VKey="230435" SVKey="230435r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the setfacl command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030340" disa="169" 
severity="medium"> ++ <VMSinfo VKey="230436" SVKey="230436r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the pam_timestamp_check command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030350" disa="169" severity="medium"> ++ <VMSinfo VKey="230437" SVKey="230437r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the newgrp command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030360" disa="169" severity="medium"> ++ <VMSinfo VKey="230438" SVKey="230438r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the init_module command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030361" disa="169" severity="medium"> ++ <VMSinfo VKey="230439" SVKey="230439r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the rename command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030362" disa="169" severity="medium"> ++ <VMSinfo VKey="230440" SVKey="230440r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the renameat command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030363" disa="169" severity="medium"> ++ <VMSinfo VKey="230441" SVKey="230441r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the rmdir command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030364" disa="169" severity="medium"> ++ <VMSinfo VKey="230442" SVKey="230442r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the unlink command in AlmaLinux 8 must generate an audit record."/> ++ 
</overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030365" disa="169" severity="medium"> ++ <VMSinfo VKey="230443" SVKey="230443r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the unlinkat command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030370" disa="169" severity="medium"> ++ <VMSinfo VKey="230444" SVKey="230444r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the gpasswd command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030380" disa="169" severity="medium"> ++ <VMSinfo VKey="230445" SVKey="230445r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the finit_module command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030390" disa="169" severity="medium"> ++ <VMSinfo VKey="230446" SVKey="230446r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the delete_module command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030400" disa="169" severity="medium"> ++ <VMSinfo VKey="230447" SVKey="230447r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the crontab command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030410" disa="169" severity="medium"> ++ <VMSinfo VKey="230448" SVKey="230448r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chsh command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030420" disa="169" severity="medium"> ++ <VMSinfo VKey="230449" SVKey="230449r5997" VRelease="r599732"/> ++ <title 
text="Successful/unsuccessful uses of the truncate command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030430" disa="169" severity="medium"> ++ <VMSinfo VKey="230450" SVKey="230450r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the openat system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030440" disa="169" severity="medium"> ++ <VMSinfo VKey="230451" SVKey="230451r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the open system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030450" disa="169" severity="medium"> ++ <VMSinfo VKey="230452" SVKey="230452r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the open_by_handle_at system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030460" disa="169" severity="medium"> ++ <VMSinfo VKey="230453" SVKey="230453r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the ftruncate command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030470" disa="169" severity="medium"> ++ <VMSinfo VKey="230454" SVKey="230454r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the creat system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030480" disa="169" severity="medium"> ++ <VMSinfo VKey="230455" SVKey="230455r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chown command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030490" disa="169" 
severity="medium"> ++ <VMSinfo VKey="230456" SVKey="230456r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chmod command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030500" disa="169" severity="medium"> ++ <VMSinfo VKey="230457" SVKey="230457r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the lchown system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030510" disa="169" severity="medium"> ++ <VMSinfo VKey="230458" SVKey="230458r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the fchownat system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030520" disa="169" severity="medium"> ++ <VMSinfo VKey="230459" SVKey="230459r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the fchown system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030530" disa="169" severity="medium"> ++ <VMSinfo VKey="230460" SVKey="230460r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the fchmodat system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030540" disa="169" severity="medium"> ++ <VMSinfo VKey="230461" SVKey="230461r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the fchmod system call in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030550" disa="169" severity="medium"> ++ <VMSinfo VKey="230462" SVKey="230462r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the sudo command in AlmaLinux 8 must generate an audit record."/> ++ 
</overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030560" disa="169" severity="medium"> ++ <VMSinfo VKey="230463" SVKey="230463r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the usermod command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030570" disa="169" severity="medium"> ++ <VMSinfo VKey="230464" SVKey="230464r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the chacl command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030580" disa="169" severity="medium"> ++ <VMSinfo VKey="230465" SVKey="230465r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful uses of the kmod command in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030590" disa="169" severity="medium"> ++ <VMSinfo VKey="230466" SVKey="230466r5998" VRelease="r599841"/> ++ <title text="Successful/unsuccessful modifications to the faillock log file in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030600" disa="169" severity="medium"> ++ <VMSinfo VKey="230467" SVKey="230467r5997" VRelease="r599732"/> ++ <title text="Successful/unsuccessful modifications to the lastlog file in AlmaLinux 8 must generate an audit record."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030601" disa="169" severity="low"> ++ <VMSinfo VKey="230468" SVKey="230468r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable auditing of processes that start prior to the audit daemon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030602" disa="1849" severity="low"> ++ <VMSinfo VKey="230469" SVKey="230469r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must allocate an 
audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030603" disa="169" severity="low"> ++ <VMSinfo VKey="230470" SVKey="230470r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable Linux audit logging for the USBGuard daemon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030610" disa="171" severity="medium"> ++ <VMSinfo VKey="230471" SVKey="230471r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030620" disa="1493" severity="medium"> ++ <VMSinfo VKey="230472" SVKey="230472r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit tools must have a mode of 0755 or less permissive."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030630" disa="1493" severity="medium"> ++ <VMSinfo VKey="230473" SVKey="230473r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit tools must be owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030640" disa="1493" severity="medium"> ++ <VMSinfo VKey="230474" SVKey="230474r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 audit tools must be group-owned by root."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030650" disa="1496" severity="medium"> ++ <VMSinfo VKey="230475" SVKey="230475r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use cryptographic mechanisms to protect the integrity of audit tools."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030660" disa="1849" severity="medium"> ++ <VMSinfo VKey="230476" SVKey="230476r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 
must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030670" disa="366" severity="medium"> ++ <VMSinfo VKey="230477" SVKey="230477r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must have the packages required for offloading audit logs installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030680" disa="366" severity="medium"> ++ <VMSinfo VKey="230478" SVKey="230478r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must have the packages required for encrypting offloaded audit logs installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030690" disa="1851" severity="medium"> ++ <VMSinfo VKey="230479" SVKey="230479r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 audit records must be off-loaded onto a different system or storage media from the system being audited."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030700" disa="1851" severity="medium"> ++ <VMSinfo VKey="230480" SVKey="230480r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must take appropriate action when the internal event queue is full."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030710" disa="1851" severity="medium"> ++ <VMSinfo VKey="230481" SVKey="230481r5997" VRelease="r599796"/> ++ <title text="AlmaLinux 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030720" disa="1851" severity="medium"> ++ <VMSinfo VKey="230482" SVKey="230482r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must authenticate the remote logging server for off-loading audit logs."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030730" disa="1855" severity="medium"> ++ <VMSinfo VKey="230483" SVKey="230483r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030740" disa="1891" severity="medium"> ++ <VMSinfo VKey="230484" SVKey="230484r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030741" disa="381" severity="low"> ++ <VMSinfo VKey="230485" SVKey="230485r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the chrony daemon from acting as a server."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030742" disa="381" severity="low"> ++ <VMSinfo VKey="230486" SVKey="230486r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable network management of the chrony daemon."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040000" disa="381" severity="high"> ++ <VMSinfo VKey="230487" SVKey="230487r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have the telnet-server package installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040001" disa="381" severity="medium"> ++ <VMSinfo VKey="230488" SVKey="230488r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have any automated bug reporting tools installed."/> 
++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040002" disa="381" severity="medium"> ++ <VMSinfo VKey="230489" SVKey="230489r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have the sendmail package installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040003" disa="381" severity="medium"> ++ <VMSinfo VKey="230490" SVKey="230490r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have the gssproxy package installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040004" disa="381" severity="low"> ++ <VMSinfo VKey="230491" SVKey="230491r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enable mitigations against processor-based vulnerabilities."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040010" disa="381" severity="high"> ++ <VMSinfo VKey="230492" SVKey="230492r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not have the rsh-server package installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040020" disa="381" severity="medium"> ++ <VMSinfo VKey="230493" SVKey="230493r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must cover or disable the built-in or attached camera when not in use."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040021" disa="381" severity="low"> ++ <VMSinfo VKey="230494" SVKey="230494r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the asynchronous transfer mode (ATM) protocol."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040022" disa="381" severity="low"> ++ <VMSinfo VKey="230495" SVKey="230495r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the controller area network (CAN) protocol."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040023" disa="381" severity="low"> ++ <VMSinfo VKey="230496" 
SVKey="230496r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the stream control transmission (SCTP) protocol."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040024" disa="381" severity="low"> ++ <VMSinfo VKey="230497" SVKey="230497r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the transparent inter-process communication (TIPC) protocol."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040025" disa="381" severity="low"> ++ <VMSinfo VKey="230498" SVKey="230498r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable mounting of cramfs."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040026" disa="381" severity="low"> ++ <VMSinfo VKey="230499" SVKey="230499r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable IEEE 1394 (FireWire) Support."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040030" disa="382" severity="medium"> ++ <VMSinfo VKey="230500" SVKey="230500r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040060" disa="1941" severity="high"> ++ <VMSinfo VKey="230501" SVKey="230501r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must enforce SSHv2 for network access to all accounts."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040070" disa="778" severity="medium"> ++ <VMSinfo VKey="230502" SVKey="230502r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 file system automounter must be disabled unless required."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040080" disa="778" severity="medium"> ++ 
<VMSinfo VKey="230503" SVKey="230503r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must be configured to disable USB mass storage."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040090" disa="2314" severity="medium"> ++ <VMSinfo VKey="230504" SVKey="230504r5997" VRelease="r599732"/> ++ <title text="A AlmaLinux 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040100" disa="2314" severity="medium"> ++ <VMSinfo VKey="230505" SVKey="230505r5997" VRelease="r599732"/> ++ <title text="A firewall must be installed on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040110" disa="1444" severity="medium"> ++ <VMSinfo VKey="230506" SVKey="230506r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 wireless network adapters must be disabled."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040111" disa="1443" severity="medium"> ++ <VMSinfo VKey="230507" SVKey="230507r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 Bluetooth must be disabled."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040120" disa="1764" severity="medium"> ++ <VMSinfo VKey="230508" SVKey="230508r5997" VRelease="r599797"/> ++ <title text="AlmaLinux 8 must mount /dev/shm with the nodev option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040121" disa="1764" severity="medium"> ++ <VMSinfo VKey="230509" SVKey="230509r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must mount /dev/shm with the nosuid option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040122" disa="1764" severity="medium"> ++ <VMSinfo VKey="230510" SVKey="230510r5997" VRelease="r599798"/> ++ <title text="AlmaLinux 8 must mount /dev/shm with the noexec option."/> ++ </overlay> ++ <overlay 
owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040123" disa="1764" severity="medium"> ++ <VMSinfo VKey="230511" SVKey="230511r5997" VRelease="r599799"/> ++ <title text="AlmaLinux 8 must mount /tmp with the nodev option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040124" disa="1764" severity="medium"> ++ <VMSinfo VKey="230512" SVKey="230512r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must mount /tmp with the nosuid option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040125" disa="1764" severity="medium"> ++ <VMSinfo VKey="230513" SVKey="230513r5998" VRelease="r599800"/> ++ <title text="AlmaLinux 8 must mount /tmp with the noexec option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040126" disa="1764" severity="medium"> ++ <VMSinfo VKey="230514" SVKey="230514r5998" VRelease="r599801"/> ++ <title text="AlmaLinux 8 must mount /var/log with the nodev option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040127" disa="1764" severity="medium"> ++ <VMSinfo VKey="230515" SVKey="230515r5998" VRelease="r599802"/> ++ <title text="AlmaLinux 8 must mount /var/log with the nosuid option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040128" disa="1764" severity="medium"> ++ <VMSinfo VKey="230516" SVKey="230516r5998" VRelease="r599803"/> ++ <title text="AlmaLinux 8 must mount /var/log with the noexec option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040129" disa="1764" severity="medium"> ++ <VMSinfo VKey="230517" SVKey="230517r5998" VRelease="r599804"/> ++ <title text="AlmaLinux 8 must mount /var/log/audit with the nodev option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040130" disa="1764" severity="medium"> ++ <VMSinfo VKey="230518" SVKey="230518r5998" VRelease="r599805"/> ++ <title text="AlmaLinux 8 must mount /var/log/audit with the nosuid 
option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040131" disa="1764" severity="medium"> ++ <VMSinfo VKey="230519" SVKey="230519r5998" VRelease="r599806"/> ++ <title text="AlmaLinux 8 must mount /var/log/audit with the noexec option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040132" disa="1764" severity="medium"> ++ <VMSinfo VKey="230520" SVKey="230520r5998" VRelease="r599807"/> ++ <title text="AlmaLinux 8 must mount /var/tmp with the nodev option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040133" disa="1764" severity="medium"> ++ <VMSinfo VKey="230521" SVKey="230521r5998" VRelease="r599808"/> ++ <title text="AlmaLinux 8 must mount /var/tmp with the nosuid option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040134" disa="1764" severity="medium"> ++ <VMSinfo VKey="230522" SVKey="230522r5998" VRelease="r599809"/> ++ <title text="AlmaLinux 8 must mount /var/tmp with the noexec option."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040135" disa="1764" severity="medium"> ++ <VMSinfo VKey="230523" SVKey="230523r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040140" disa="1958" severity="medium"> ++ <VMSinfo VKey="230524" SVKey="230524r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must block unauthorized peripherals before establishing a connection."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040150" disa="2385" severity="medium"> ++ <VMSinfo VKey="230525" SVKey="230525r5997" VRelease="r599732"/> ++ <title text="A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AlmaLinux 8 can 
implement rate-limiting measures on impacted network interfaces."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040160" disa="2418" severity="medium"> ++ <VMSinfo VKey="230526" SVKey="230526r5997" VRelease="r599732"/> ++ <title text="All AlmaLinux 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040161" disa="68" severity="medium"> ++ <VMSinfo VKey="230527" SVKey="230527r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must force a frequent session key renegotiation for SSH connections to the server."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040162" disa="68" severity="medium"> ++ <VMSinfo VKey="230528" SVKey="230528r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must force a frequent session key renegotiation for SSH connections by the client."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040170" disa="366" severity="high"> ++ <VMSinfo VKey="230529" SVKey="230529r5998" VRelease="r599811"/> ++ <title text="The x86 Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040171" disa="366" severity="high"> ++ <VMSinfo VKey="230530" SVKey="230530r5997" VRelease="r599732"/> ++ <title text="The x86 Ctrl-Alt-Delete key sequence in AlmaLinux 8 must be disabled if a graphical user interface is installed."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040172" disa="366" severity="high"> ++ <VMSinfo VKey="230531" SVKey="230531r5998" VRelease="r599813"/> ++ <title text="The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux 8 must be disabled."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040180" 
disa="366" severity="medium"> ++ <VMSinfo VKey="230532" SVKey="230532r5998" VRelease="r599815"/> ++ <title text="The debug-shell systemd service must be disabled on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040190" disa="366" severity="high"> ++ <VMSinfo VKey="230533" SVKey="230533r5997" VRelease="r599732"/> ++ <title text="The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for AlmaLinux 8 operational support."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040200" disa="366" severity="high"> ++ <VMSinfo VKey="230534" SVKey="230534r5997" VRelease="r599732"/> ++ <title text="The root account must be the only account having unrestricted access to the AlmaLinux 8 system."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040210" disa="366" severity="medium"> ++ <VMSinfo VKey="230535" SVKey="230535r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040220" disa="366" severity="medium"> ++ <VMSinfo VKey="230536" SVKey="230536r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not send Internet Control Message Protocol (ICMP) redirects."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040230" disa="366" severity="medium"> ++ <VMSinfo VKey="230537" SVKey="230537r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040240" disa="366" severity="medium"> ++ <VMSinfo VKey="230538" SVKey="230538r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not forward source-routed packets."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" 
ownerid="RHEL-08-040250" disa="366" severity="medium"> ++ <VMSinfo VKey="230539" SVKey="230539r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not forward source-routed packets by default."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040260" disa="366" severity="medium"> ++ <VMSinfo VKey="230540" SVKey="230540r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not be performing packet forwarding unless the system is a router."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040261" disa="366" severity="medium"> ++ <VMSinfo VKey="230541" SVKey="230541r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not accept router advertisements on all IPv6 interfaces."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040262" disa="366" severity="medium"> ++ <VMSinfo VKey="230542" SVKey="230542r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not accept router advertisements on all IPv6 interfaces by default."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040270" disa="366" severity="medium"> ++ <VMSinfo VKey="230543" SVKey="230543r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040280" disa="366" severity="medium"> ++ <VMSinfo VKey="230544" SVKey="230544r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must ignore Internet Control Message Protocol (ICMP) redirect messages."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040281" disa="366" severity="medium"> ++ <VMSinfo VKey="230545" SVKey="230545r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable access to network bpf syscall from unprivileged processes."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040282" 
disa="366" severity="medium"> ++ <VMSinfo VKey="230546" SVKey="230546r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must restrict usage of ptrace to descendant processes."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040283" disa="366" severity="medium"> ++ <VMSinfo VKey="230547" SVKey="230547r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must restrict exposed kernel pointer addresses access."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040284" disa="366" severity="medium"> ++ <VMSinfo VKey="230548" SVKey="230548r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must disable the use of user namespaces."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040285" disa="366" severity="medium"> ++ <VMSinfo VKey="230549" SVKey="230549r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must use reverse path filtering on all IPv4 interfaces."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040290" disa="366" severity="medium"> ++ <VMSinfo VKey="230550" SVKey="230550r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 must be configured to prevent unrestricted mail relaying."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040300" disa="366" severity="low"> ++ <VMSinfo VKey="230551" SVKey="230551r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 file integrity tool must be configured to verify extended attributes."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040310" disa="366" severity="low"> ++ <VMSinfo VKey="230552" SVKey="230552r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 file integrity tool must be configured to verify Access Control Lists (ACLs)."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040320" disa="366" severity="medium"> ++ <VMSinfo VKey="230553" SVKey="230553r5997" VRelease="r599732"/> ++ <title 
text="The graphical display manager must not be installed on AlmaLinux 8 unless approved."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040330" disa="366" severity="medium"> ++ <VMSinfo VKey="230554" SVKey="230554r5997" VRelease="r599732"/> ++ <title text="AlmaLinux 8 network interfaces must not be in promiscuous mode."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040340" disa="366" severity="medium"> ++ <VMSinfo VKey="230555" SVKey="230555r5998" VRelease="r599816"/> ++ <title text="AlmaLinux 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040341" disa="366" severity="medium"> ++ <VMSinfo VKey="230556" SVKey="230556r5997" VRelease="r599732"/> ++ <title text="The AlmaLinux 8 SSH daemon must prevent remote hosts from connecting to the proxy display."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040350" disa="366" severity="medium"> ++ <VMSinfo VKey="230557" SVKey="230557r5997" VRelease="r599732"/> ++ <title text="If the Trivial File Transfer Protocol (TFTP) server is required, the AlmaLinux 8 TFTP daemon must be configured to operate in secure mode."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040360" disa="366" severity="high"> ++ <VMSinfo VKey="230558" SVKey="230558r5997" VRelease="r599732"/> ++ <title text="A File Transfer Protocol (FTP) server package must not be installed unless mission essential on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040370" disa="366" severity="medium"> ++ <VMSinfo VKey="230559" SVKey="230559r5997" VRelease="r599732"/> ++ <title text="The gssproxy package must not be installed unless mission essential on AlmaLinux 8."/> ++ </overlay> ++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040380" disa="366" 
severity="medium">
++ <VMSinfo VKey="230560" SVKey="230560r5997" VRelease="r599732"/>
++ <title text="The iprutils package must not be installed unless mission essential on AlmaLinux 8."/>
++ </overlay>
++ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040390" disa="366" severity="medium">
++ <VMSinfo VKey="230561" SVKey="230561r5997" VRelease="r599732"/>
++ <title text="The tuned package must not be installed unless mission essential on AlmaLinux 8."/>
++ </overlay>
++</overlays>
+diff --git a/almalinux8/product.yml b/almalinux8/product.yml
+new file mode 100644
+index 00000000..1b4f12b9
+--- /dev/null
++++ b/almalinux8/product.yml
+@@ -0,0 +1,27 @@
++product: almalinux8
++full_name: AlmaLinux 8
++type: platform
++
++benchmark_root: "../linux_os/guide"
++
++profiles_root: "./profiles"
++
++pkg_manager: "yum"
++
++init_system: "systemd"
++
++oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml"
++
++pkg_release: "5ffd890e"
++pkg_version: "3abb34f8"
++
++cpes_root: "../shared/applicability"
++cpes:
++ - almalinux8:
++ name: "cpe:/o:almalinux:almalinux:8"
++ title: "AlmaLinux 8"
++ check_id: installed_OS_is_almalinux8
++
++# Mapping of CPE platform to package
++platform_package_overrides:
++ login_defs: "shadow-utils"
+diff --git a/almalinux8/profiles/anssi_bp28_enhanced.profile b/almalinux8/profiles/anssi_bp28_enhanced.profile
+new file mode 100644
+index 00000000..bbc11353
+--- /dev/null
++++ b/almalinux8/profiles/anssi_bp28_enhanced.profile
+@@ -0,0 +1,16 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (enhanced)'
++
++description: |-
++ This profile contains configurations that align to ANSSI-BP-028 at the enhanced hardening level.
++
++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
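Review bot: `pkg_release: "5ffd890e"` and `pkg_version: "3abb34f8"` in the new product.yml carry no comment saying what they identify, and no full key fingerprint accompanies them. They look like the release and version fields of the `gpg-pubkey` RPM for the distribution signing key, which the `ensure_almalinux_gpgkey_installed` selection later in this patch presumably consumes; if so, the version field is only the short 32-bit key ID, which is weak as the sole identifier of a trusted signing key. I would add a comment such as `# gpg-pubkey version/release of the AlmaLinux 8 package signing key` above the two lines and, if the build system supports it for this product, a `release_key_fingerprint: "<FULL_KEY_FINGERPRINT>"` entry checked against the vendor's published key.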
++
++ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++ - anssi:all:enhanced
++ - '!selinux_state'
+diff --git a/almalinux8/profiles/anssi_bp28_high.profile b/almalinux8/profiles/anssi_bp28_high.profile
+new file mode 100644
+index 00000000..848612ec
+--- /dev/null
++++ b/almalinux8/profiles/anssi_bp28_high.profile
+@@ -0,0 +1,15 @@
++documentation_complete: false
++
++title: 'DRAFT - ANSSI-BP-028 (high)'
++
++description: |-
++ This profile contains configurations that align to ANSSI-BP-028 at the high hardening level.
++
++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++ - anssi:all:high
+diff --git a/almalinux8/profiles/anssi_bp28_intermediary.profile b/almalinux8/profiles/anssi_bp28_intermediary.profile
+new file mode 100644
+index 00000000..a5920316
+--- /dev/null
++++ b/almalinux8/profiles/anssi_bp28_intermediary.profile
+@@ -0,0 +1,15 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (intermediary)'
++
++description: |-
++ This profile contains configurations that align to ANSSI-BP-028 at the intermediary hardening level.
++
++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
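Review bot: The last selection of anssi_bp28_enhanced.profile, `- '!selinux_state'`, removes the SELinux state rule from the enhanced profile without a comment explaining why. The high profile added in the same patch selects `anssi:all:high` with no matching exclusion, so a reader cannot tell whether leaving SELinux enforcement unchecked at this level is intended or a carry-over from another product. A one-line comment above the exclusion would settle it, for example `# selinux_state is required only at the high level; excluded here on purpose`, with the wording confirmed against the ANSSI control file, which is not visible in this hunk.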
++
++ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++ - anssi:all:intermediary
+diff --git a/almalinux8/profiles/anssi_bp28_minimal.profile b/almalinux8/profiles/anssi_bp28_minimal.profile
+new file mode 100644
+index 00000000..cef83941
+--- /dev/null
++++ b/almalinux8/profiles/anssi_bp28_minimal.profile
+@@ -0,0 +1,16 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (minimal)'
++
++description: |-
++ This profile contains configurations that align to ANSSI-BP-028 at the minimal hardening level.
++
++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++ A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++ - anssi:all:minimal
++
+diff --git a/almalinux8/profiles/cis.profile b/almalinux8/profiles/cis.profile
+new file mode 100644
+index 00000000..f2728200
+--- /dev/null
++++ b/almalinux8/profiles/cis.profile
+@@ -0,0 +1,1089 @@
++documentation_complete: true
++
++metadata:
++ version: 1.0.0
++ SMEs:
++ - vojtapolasek
++ - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinux/
++
++title: 'CIS AlmaLinux 8 Benchmark'
++
++description: |-
++ This profile defines a baseline that aligns to the Center for Internet Security®
++ AlmaLinux 8 Benchmark™, v1.0.0, DRAFT, released 08-20-2021.
++
++ This profile includes Center for Internet Security®
++ AlmaLinux 8 CIS Benchmarks™ content.
++ ++selections: ++ # Necessary for dconf rules ++ - dconf_db_up_to_date ++ ++ ### Partitioning ++ - mount_option_home_nodev ++ ++ ## 1.1 Filesystem Configuration ++ ++ ### 1.1.1 Disable unused filesystems ++ ++ #### 1.1.1.1 Ensure mounting cramfs filesystems is disabled (Scored) ++ - kernel_module_cramfs_disabled ++ ++ #### 1.1.1.2 Ensure mounting of vFAT filesystems is limited (Not Scored) ++ ++ ++ #### 1.1.1.3 Ensure mounting of squashfs filesystems is disabled (Scored) ++ - kernel_module_squashfs_disabled ++ ++ #### 1.1.1.4 Ensure mounting of udf filesystems is disabled (Scored) ++ - kernel_module_udf_disabled ++ ++ ### 1.1.2 Ensure /tmp is configured (Scored) ++ - partition_for_tmp ++ ++ ### 1.1.3 Ensure nodev option set on /tmp partition (Scored) ++ - mount_option_tmp_nodev ++ ++ ### 1.1.4 Ensure nosuid option set on /tmp partition (Scored) ++ - mount_option_tmp_nosuid ++ ++ ### 1.1.5 Ensure noexec option set on /tmp partition (Scored) ++ - mount_option_tmp_noexec ++ ++ ### 1.1.6 Ensure separate partition exists for /var (Scored) ++ - partition_for_var ++ ++ ### 1.1.7 Ensure separate partition exists for /var/tmp (Scored) ++ - partition_for_var_tmp ++ ++ ### 1.1.8 Ensure nodev option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_nodev ++ ++ ### 1.1.9 Ensure nosuid option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_nosuid ++ ++ ### 1.1.10 Ensure noexec option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_noexec ++ ++ ### 1.1.11 Ensure separate partition exists for /var/log (Scored) ++ - partition_for_var_log ++ ++ ### 1.1.12 Ensure separate partition exists for /var/log/audit (Scored) ++ - partition_for_var_log_audit ++ ++ ### 1.1.13 Ensure separate partition exists for /home (Scored) ++ - partition_for_home ++ ++ ### 1.1.14 Ensure nodev option set on /home partition (Scored) ++ - mount_option_home_nodev ++ ++ ### 1.1.15 Ensure nodev option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_nodev ++ ++ 
### 1.1.16 Ensure nosuid option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_nosuid ++ ++ ### 1.1.17 Ensure noexec option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_noexec ++ ++ ### 1.1.18 Ensure nodev option set on removable media partitions (Not Scored) ++ - mount_option_nodev_removable_partitions ++ ++ ### 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored) ++ - mount_option_nosuid_removable_partitions ++ ++ ### 1.1.20 Ensure noexec option set on removable media partitions (Not Scored) ++ - mount_option_noexec_removable_partitions ++ ++ ### 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored) ++ - dir_perms_world_writable_sticky_bits ++ ++ ### 1.1.22 Disable Automounting (Scored) ++ - service_autofs_disabled ++ ++ ### 1.1.23 Disable USB Storage (Scored) ++ - kernel_module_usb-storage_disabled ++ ++ ## 1.2 Configure Software Updates ++ ++ ### 1.2.1 Ensure Red Hat Subscription Manager connection is configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5218 ++ ++ ### 1.2.2 Disable the rhnsd Daemon (Not Scored) ++ - service_rhnsd_disabled ++ ++ ### 1.2.3 Ensure GPG keys are configured (Not Scored) ++ - ensure_almalinux_gpgkey_installed ++ ++ ### 1.2.4 Ensure gpgcheck is globally activated (Scored) ++ - ensure_gpgcheck_globally_activated ++ ++ ### 1.2.5 Ensure package manager repositories are configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5219 ++ ++ ## 1.3 Configure sudo ++ ++ ### 1.3.1 Ensure sudo is installed (Scored) ++ - package_sudo_installed ++ ++ ### 1.3.2 Ensure sudo commands use pty (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5220 ++ ++ ### 1.3.3 Ensure sudo log file exists (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5221 ++ ++ ## 1.4 Filesystem Integrity Checking ++ ++ ### 1.4.1 Ensure AIDE is installed (Scored) ++ - 
package_aide_installed ++ ++ ### 1.4.2 Ensure filesystem integrity is regularly checked (Scored) ++ - aide_periodic_cron_checking ++ ++ ## Secure Boot Settings ++ ++ ### 1.5.1 Ensure permissions on bootloader config are configured (Scored) ++ #### chown root:root /boot/grub2/grub.cfg ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ ++ #### chmod og-rwx /boot/grub2/grub.cfg ++ - file_permissions_grub2_cfg ++ ++ #### chown root:root /boot/grub2/grubenv ++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 ++ ++ #### chmod og-rwx /boot/grub2/grubenv ++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 ++ ++ ### 1.5.2 Ensure bootloader password is set (Scored) ++ - grub2_password ++ ++ ### 1.5.3 Ensure authentication required for single user mode (Scored) ++ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue ++ - require_singleuser_auth ++ ++ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency ++ - require_emergency_target_auth ++ ++ ## 1.6 Additional Process Hardening ++ ++ ### 1.6.1 Ensure core dumps are restricted (Scored) ++ #### * hard core 0 ++ - disable_users_coredumps ++ ++ #### fs.suid_dumpable = 0 ++ - sysctl_fs_suid_dumpable ++ ++ #### ProcessSizeMax=0 ++ - coredump_disable_backtraces ++ ++ #### Storage=none ++ - coredump_disable_storage ++ ++ ### 1.6.2 Ensure address space layout randomization (ASLR) is enabled ++ - sysctl_kernel_randomize_va_space ++ ++ ## 1.7 Mandatory Access Control ++ ++ ### 1.7.1 Configure SELinux ++ ++ #### 1.7.1.1 Ensure SELinux is installed (Scored) ++ - package_libselinux_installed ++ ++ #### 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration (Scored) ++ - grub2_enable_selinux ++ ++ #### 1.7.1.3 Ensure SELinux policy is configured (Scored) ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ #### 1.7.1.4 Ensure the SELinux state is enforcing (Scored) ++ - var_selinux_state=enforcing ++ - selinux_state ++ ++ #### 1.7.1.5 Ensure 
no unconfied services exist (Scored) ++ - selinux_confinement_of_daemons ++ ++ #### 1.7.1.6 Ensure SETroubleshoot is not installed (Scored) ++ - package_setroubleshoot_removed ++ ++ #### 1.7.1.7 Ensure the MCS Translation Service (mcstrans) is not installed (Scored) ++ - package_mcstrans_removed ++ ++ ## Warning Banners ++ ++ ### 1.8.1 Command Line Warning Baners ++ ++ #### 1.8.1.1 Ensure message of the day is configured properly (Scored) ++ - banner_etc_motd ++ ++ #### 1.8.1.2 Ensure local login warning banner is configured properly (Scored) ++ - banner_etc_issue ++ ++ #### 1.8.1.3 Ensure remote login warning banner is configured properly (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5225 ++ ++ #### 1.8.1.4 Ensure permissions on /etc/motd are configured (Scored) ++ # chmod u-x,go-wx /etc/motd ++ - file_permissions_etc_motd ++ ++ #### 1.8.1.5 Ensure permissions on /etc/issue are configured (Scored) ++ # chmod u-x,go-wx /etc/issue ++ - file_permissions_etc_issue ++ ++ #### 1.8.1.6 Ensure permissions on /etc/issue.net are configured (Scored) ++ # Previously addressed via 'rpm_verify_permissions' rule ++ ++ ### 1.8.2 Ensure GDM login banner is configured (Scored) ++ #### banner-message-enable=true ++ - dconf_gnome_banner_enabled ++ ++ #### banner-message-text='<banner message>' ++ - dconf_gnome_login_banner_text ++ ++ ## 1.9 Ensure updates, patches, and additional security software are installed (Scored) ++ - security_patches_up_to_date ++ ++ ## 1.10 Ensure system-wide crypto policy is not legacy (Scored) ++ #- var_system_crypto_policy ++ - configure_crypto_policy ++ ++ ## 1.11 Ensure system-wide crytpo policy is FUTURE or FIPS (Scored) ++ # Previously addressed via 'configure_crypto_policy' rule ++ ++ # Services ++ ++ ## 2.1 inetd Services ++ ++ ### 2.1.1 Ensure xinetd is not installed (Scored) ++ - package_xinetd_removed ++ ++ ## 2.2 Special Purpose Services ++ ++ ### 2.2.1 Time Synchronization ++ ++ #### 2.2.1.1 Ensure time 
synchronization is in use (Not Scored) ++ - package_chrony_installed ++ ++ #### 2.2.1.2 Ensure chrony is configured (Scored) ++ - service_chronyd_enabled ++ - chronyd_specify_remote_server ++ - chronyd_run_as_chrony_user ++ ++ ### 2.2.2 Ensure X Window System is not installed (Scored) ++ - package_xorg-x11-server-common_removed ++ - xwindows_runlevel_target ++ ++ ### 2.2.3 Ensure rsync service is not enabled (Scored) ++ - service_rsyncd_disabled ++ ++ ### 2.2.4 Ensure Avahi Server is not enabled (Scored) ++ - service_avahi-daemon_disabled ++ ++ ### 2.2.5 Ensure SNMP Server is not enabled (Scored) ++ - service_snmpd_disabled ++ ++ ### 2.2.6 Ensure HTTP Proxy Server is not enabled (Scored) ++ - package_squid_removed ++ ++ ### 2.2.7 Ensure Samba is not enabled (Scored) ++ - service_smb_disabled ++ ++ ### 2.2.8 Ensure IMAP and POP3 server is not enabled (Scored) ++ - service_dovecot_disabled ++ ++ ### 2.2.9 Ensure HTTP server is not enabled (Scored) ++ - service_httpd_disabled ++ ++ ### 2.2.10 Ensure FTP Server is not enabled (Scored) ++ - service_vsftpd_disabled ++ ++ ### 2.2.11 Ensure DNS Server is not enabled (Scored) ++ - service_named_disabled ++ ++ ### 2.2.12 Ensure NFS is not enabled (Scored) ++ - service_nfs_disabled ++ ++ ### 2.2.13 Ensure RPC is not enabled (Scored) ++ - service_rpcbind_disabled ++ ++ ### 2.2.14 Ensure LDAP service is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5231 ++ ++ ### 2.2.15 Ensure DHCP Server is not enabled (Scored) ++ - service_dhcpd_disabled ++ ++ ### 2.2.16 Ensure CUPS is not enabled (Scored) ++ - service_cups_disabled ++ ++ ### 2.2.17 Ensure NIS Server is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5232 ++ ++ ### 2.2.18 Ensure mail transfer agent is configured for ++ ### local-only mode (Scored) ++ - postfix_network_listening_disabled ++ ++ ## 2.3 Service Clients ++ ++ ### 2.3.1 Ensure NIS Client is not installed (Scored) ++ - 
package_ypbind_removed ++ ++ ### 2.3.2 Ensure telnet client is not installed (Scored) ++ - package_telnet_removed ++ ++ ### Ensure LDAP client is not installed ++ - package_openldap-clients_removed ++ ++ # 3 Network Configuration ++ ++ ## 3.1 Network Parameters (Host Only) ++ ++ ### 3.1.1 Ensure IP forwarding is disabled (Scored) ++ #### net.ipv4.ip_forward = 0 ++ - sysctl_net_ipv4_ip_forward ++ ++ #### net.ipv6.conf.all.forwarding = 0 ++ - sysctl_net_ipv6_conf_all_forwarding ++ ++ ### 3.1.2 Ensure packet redirect sending is disabled (Scored) ++ #### net.ipv4.conf.all.send_redirects = 0 ++ - sysctl_net_ipv4_conf_all_send_redirects ++ ++ #### net.ipv4.conf.default.send_redirects = 0 ++ - sysctl_net_ipv4_conf_default_send_redirects ++ ++ ## 3.2 Network Parameters (Host and Router) ++ ++ ### 3.2.1 Ensure source routed packets are not accepted (Scored) ++ #### net.ipv4.conf.all.accept_source_route = 0 ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ ++ #### net.ipv4.conf.default.accept_source_route = 0 ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ ++ #### net.ipv6.conf.all.accept_source_route = 0 ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ ++ #### net.ipv6.conf.default.accept_source_route = 0 ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ ++ ### 3.2.2 Ensure ICMP redirects are not accepted (Scored) ++ #### net.ipv4.conf.all.accept_redirects = 0 ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ ++ #### net.ipv4.conf.default.accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ ++ #### net.ipv6.conf.all.accept_redirects = 0 ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ ++ #### net.ipv6.conf.defaults.accept_redirects = 0 ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ ++ ### 3.2.3 Ensure secure ICMP redirects are not accepted (Scored) ++ #### net.ipv4.conf.all.secure_redirects = 0 ++ - sysctl_net_ipv4_conf_all_secure_redirects ++ ++ #### net.ipv4.cof.default.secure_redirects = 0 ++ - 
sysctl_net_ipv4_conf_default_secure_redirects ++ ++ ### 3.2.4 Ensure suspicious packets are logged (Scored) ++ #### net.ipv4.conf.all.log_martians = 1 ++ - sysctl_net_ipv4_conf_all_log_martians ++ ++ #### net.ipv4.conf.default.log_martians = 1 ++ - sysctl_net_ipv4_conf_default_log_martians ++ ++ ### 3.2.5 Ensure broadcast ICMP requests are ignored (Scored) ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ ++ ### 3.2.6 Ensure bogus ICMP responses are ignored (Scored) ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses ++ ++ ### 3.2.7 Ensure Reverse Path Filtering is enabled (Scored) ++ #### net.ipv4.conf.all.rp_filter = 1 ++ - sysctl_net_ipv4_conf_all_rp_filter ++ ++ #### net.ipv4.conf.default.rp_filter = 1 ++ - sysctl_net_ipv4_conf_default_rp_filter ++ ++ ### 3.2.8 Ensure TCP SYN Cookies is enabled (Scored) ++ - sysctl_net_ipv4_tcp_syncookies ++ ++ ### 3.2.9 Ensure IPv6 router advertisements are not accepted (Scored) ++ #### net.ipv6.conf.all.accept_ra = 0 ++ - sysctl_net_ipv6_conf_all_accept_ra ++ ++ #### net.ipv6.conf.default.accept_ra = 0 ++ - sysctl_net_ipv6_conf_default_accept_ra ++ ++ ## 3.3 Uncommon Network Protocols ++ ++ ### 3.3.1 Ensure DCCP is disabled (Scored) ++ - kernel_module_dccp_disabled ++ ++ ### Ensure SCTP is disabled (Scored) ++ - kernel_module_sctp_disabled ++ ++ ### 3.3.3 Ensure RDS is disabled (Scored) ++ - kernel_module_rds_disabled ++ ++ ### 3.3.4 Ensure TIPC is disabled (Scored) ++ - kernel_module_tipc_disabled ++ ++ ## 3.4 Firewall Configuration ++ ++ ### 3.4.1 Ensure Firewall software is installed ++ ++ #### 3.4.1.1 Ensure a Firewall package is installed (Scored) ++ ##### firewalld ++ - package_firewalld_installed ++ ++ ##### nftables ++ #NEED RULE - https://github.com/ComplianceAsCode/content/issues/5237 ++ ++ ##### iptables ++ #- package_iptables_installed ++ ++ ### 3.4.2 Configure firewalld ++ ++ #### 3.4.2.1 Ensure firewalld service is enabled and running (Scored) ++ - service_firewalld_enabled ++ ++ #### 3.4.2.2 Ensure 
iptables is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5238 ++ ++ #### 3.4.2.3 Ensure nftables is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5239 ++ ++ #### 3.4.2.4 Ensure default zone is set (Scored) ++ - set_firewalld_default_zone ++ ++ #### 3.4.2.5 Ensure network interfaces are assigned to ++ #### appropriate zone (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5240 ++ ++ #### 3.4.2.6 Ensure unnecessary services and ports are not ++ #### accepted (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5241 ++ ++ ### 3.4.3 Configure nftables ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5242 ++ ++ #### 3.4.3.1 Ensure iptables are flushed (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5243 ++ ++ #### 3.4.3.2 Ensure a table exists (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5244 ++ ++ #### 3.4.3.3 Ensure base chains exist (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5245 ++ ++ #### 3.4.3.4 Ensure loopback traffic is configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5246 ++ ++ #### 3.4.3.5 Ensure outbound and established connections are ++ #### configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5247 ++ ++ #### 3.4.3.6 Ensure default deny firewall policy (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5248 ++ ++ #### 3.4.3.7 Ensure nftables service is enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5249 ++ ++ #### 3.4.3.8 Ensure nftables rules are permanent (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5250 ++ ++ ### 3.4.4 Configure iptables ++ ++ #### 3.4.4.1 Configure IPv4 iptables ++ # NEEDS RULE - 
https://github.com/ComplianceAsCode/content/issues/5251
++
++ ##### 3.4.4.1.1 Ensure default deny firewall policy (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5252
++
++ ##### 3.4.4.1.2 Ensure loopback traffic is configured (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5253
++
++ ##### 3.4.4.1.3 Ensure outbound and established connections are
++ ##### configured (Not Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5254
++
++ ##### 3.4.4.1.4 Ensure firewall rules exist for all open ports (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5255
++
++ #### 3.4.4.2 Configure IPv6 ip6tables
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5256
++
++ ##### 3.4.4.2.1 Ensure IPv6 default deny firewall policy (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5257
++
++ ##### 3.4.4.2.2 Ensure IPv6 loopback traffic is configured (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5258
++
++ ##### 3.4.4.2.3 Ensure IPv6 outbound and established connections are
++ ##### configured (Not Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5260
++
++ ## 3.5 Ensure wireless interfaces are disabled (Scored)
++ - wireless_disable_interfaces
++
++ ## 3.6 Disable IPv6 (Not Scored)
++ - kernel_module_ipv6_option_disabled
++
++ # Logging and Auditing
++
++ ## 4.1 Configure System Accounting (auditd)
++
++ ### 4.1.1 Ensure auditing is enabled
++
++ #### 4.1.1.1 Ensure auditd is installed (Scored)
++ - package_audit_installed
++
++ #### 4.1.1.2 Ensure auditd service is enabled (Scored)
++ - service_auditd_enabled
++
++ #### 4.1.1.3 Ensure auditing for processes that start prior to audit
++ #### is enabled (Scored)
++ - grub2_audit_argument
++
++ #### 4.1.1.4 Ensure audit_backlog_limit is sufficient (Scored)
++ - grub2_audit_backlog_limit_argument
++
++ ### 4.1.2 Configure
Data Retention
++
++ #### 4.1.2.1 Ensure audit log storage size is configured (Scored)
++ - auditd_data_retention_max_log_file
++
++ #### 4.1.2.2 Ensure audit logs are not automatically deleted (Scored)
++ - auditd_data_retention_max_log_file_action
++
++ #### 4.1.2.3 Ensure system is disabled when audit logs are full (Scored)
++ - var_auditd_space_left_action=email
++ - auditd_data_retention_space_left_action
++
++ ##### action_mail_acct = root
++ - var_auditd_action_mail_acct=root
++ - auditd_data_retention_action_mail_acct
++
++ ##### admin_space_left_action = halt
++ - var_auditd_admin_space_left_action=halt
++ - auditd_data_retention_admin_space_left_action
++
++ ### 4.1.3 Ensure changes to system administration scope
++ ### (sudoers) is collected (Scored)
++ - audit_rules_sysadmin_actions
++
++ ### 4.1.4 Ensure login and logout events are collected (Scored)
++ - audit_rules_login_events_faillock
++ - audit_rules_login_events_lastlog
++
++ ### 4.1.5 Ensure session initiation information is collected (Scored)
++ - audit_rules_session_events
++
++ ### 4.1.6 Ensure events that modify date and time information
++ ### are collected (Scored)
++ #### adjtimex
++ - audit_rules_time_adjtimex
++
++ #### settimeofday
++ - audit_rules_time_settimeofday
++
++ #### stime
++ - audit_rules_time_stime
++
++ #### clock_settime
++ - audit_rules_time_clock_settime
++
++ #### -w /etc/localtime -p wa
++ - audit_rules_time_watch_localtime
++
++ ### 4.1.7 Ensure events that modify the system's Mandatory
++ ### Access Control are collected (Scored)
++ #### -w /etc/selinux/ -p wa
++ - audit_rules_mac_modification
++
++ #### -w /usr/share/selinux/ -p wa
++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5264
++
++ ### 4.1.8 Ensure events that modify the system's network
++ ### enironment are collected (Scored)
++ - audit_rules_networkconfig_modification
++
++ ### 4.1.9 Ensure discretionary access control permission modification
++ ### events are collected (Scored)
++ -
audit_rules_dac_modification_chmod
++ - audit_rules_dac_modification_fchmod
++ - audit_rules_dac_modification_fchmodat
++ - audit_rules_dac_modification_chown
++ - audit_rules_dac_modification_fchown
++ - audit_rules_dac_modification_fchownat
++ - audit_rules_dac_modification_lchown
++ - audit_rules_dac_modification_setxattr
++ - audit_rules_dac_modification_lsetxattr
++ - audit_rules_dac_modification_fsetxattr
++ - audit_rules_dac_modification_removexattr
++ - audit_rules_dac_modification_lremovexattr
++ - audit_rules_dac_modification_fremovexattr
++
++ ### 4.1.10 Ensure unsuccessful unauthorized file access attempts are
++ ### collected (Scored)
++ - audit_rules_unsuccessful_file_modification_creat
++ - audit_rules_unsuccessful_file_modification_open
++ - audit_rules_unsuccessful_file_modification_openat
++ - audit_rules_unsuccessful_file_modification_truncate
++ - audit_rules_unsuccessful_file_modification_ftruncate
++ # Opinionated selection
++ - audit_rules_unsuccessful_file_modification_open_by_handle_at
++
++ ### 4.1.11 Ensure events that modify user/group information are
++ ### collected (Scored)
++ - audit_rules_usergroup_modification_passwd
++ - audit_rules_usergroup_modification_group
++ - audit_rules_usergroup_modification_gshadow
++ - audit_rules_usergroup_modification_shadow
++ - audit_rules_usergroup_modification_opasswd
++
++ ### 4.1.12 Ensure successful file system mounts are collected (Scored)
++ - audit_rules_media_export
++
++ ### 4.1.13 Ensure use of privileged commands is collected (Scored)
++ - audit_rules_privileged_commands
++
++ ### 4.1.14 Ensure file deletion events by users are collected
++ ### (Scored)
++ - audit_rules_file_deletion_events_unlink
++ - audit_rules_file_deletion_events_unlinkat
++ - audit_rules_file_deletion_events_rename
++ - audit_rules_file_deletion_events_renameat
++ # Opinionated selection
++ - audit_rules_file_deletion_events_rmdir
++
++ ### 4.1.15 Ensure kernel module loading and unloading is collected
++ ###
(Scored)
++ - audit_rules_kernel_module_loading
++
++ ### 4.1.16 Ensure system administrator actions (sudolog) are
++ ### collected (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5516
++
++ ### 4.1.17 Ensure the audit configuration is immutable (Scored)
++ - audit_rules_immutable
++
++ ## 4.2 Configure Logging
++
++ ### 4.2.1 Configure rsyslog
++
++ #### 4.2.1.1 Ensure rsyslog is installed (Scored)
++ - package_rsyslog_installed
++
++ #### 4.2.1.2 Ensure rsyslog Service is enabled (Scored)
++ - service_rsyslog_enabled
++
++ #### 4.2.1.3 Ensure rsyslog default file permissions configured (Scored)
++ - rsyslog_files_permissions
++
++ #### 4.2.1.4 Ensure logging is configured (Not Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5519
++
++ #### 4.2.1.5 Ensure rsyslog is configured to send logs to a remote
++ #### log host (Scored)
++ - rsyslog_remote_loghost
++
++ #### 4.2.1.6 Ensure remote rsyslog messages are only accepted on
++ #### designated log hosts (Not Scored)
++ - rsyslog_nolisten
++
++ ### 4.2.2 Configure journald
++
++ #### 4.2.2.1 Ensure journald is configured to send logs to
++ #### rsyslog (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5520
++
++ #### 4.2.2.2 Ensure journald is configured to compress large
++ #### log files (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5521
++
++
++ #### 4.2.2.3 Ensure journald is configured to write logfiles to
++ #### persistent disk (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5522
++
++ ### 4.2.3 Ensure permissions on all logfiles are configured (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5523
++
++ ## 4.3 Ensure logrotate is conifgured (Not Scored)
++ - ensure_logrotate_activated
++
++ # 5 Access, Authentication and Authorization
++
++ ## 5.1 Configure cron
++
++ ### 5.1.1 Ensure cron daemon is enabled (Scored)
++ -
service_crond_enabled
++
++
++ ### 5.1.2 Ensure permissions on /etc/crontab are configured (Scored)
++ # chown root:root /etc/crontab
++ - file_owner_crontab
++ - file_groupowner_crontab
++ # chmod og-rwx /etc/crontab
++ - file_permissions_crontab
++
++ ### 5.1.3 Ensure permissions on /etc/cron.hourly are configured (Scored)
++ # chown root:root /etc/cron.hourly
++ - file_owner_cron_hourly
++ - file_groupowner_cron_hourly
++ # chmod og-rwx /etc/cron.hourly
++ - file_permissions_cron_hourly
++
++ ### 5.1.4 Ensure permissions on /etc/cron.daily are configured (Scored)
++ # chown root:root /etc/cron.daily
++ - file_owner_cron_daily
++ - file_groupowner_cron_daily
++ # chmod og-rwx /etc/cron.daily
++ - file_permissions_cron_daily
++
++ ### 5.1.5 Ensure permissions on /etc/cron.weekly are configured (Scored)
++ # chown root:root /etc/cron.weekly
++ - file_owner_cron_weekly
++ - file_groupowner_cron_weekly
++ # chmod og-rwx /etc/cron.weekly
++ - file_permissions_cron_weekly
++
++ ### 5.1.6 Ensure permissions on /etc/cron.monthly are configured (Scored)
++ # chown root:root /etc/cron.monthly
++ - file_owner_cron_monthly
++ - file_groupowner_cron_monthly
++ # chmod og-rwx /etc/cron.monthly
++ - file_permissions_cron_monthly
++
++ ### 5.1.7 Ensure permissions on /etc/cron.d are configured (Scored)
++ # chown root:root /etc/cron.d
++ - file_owner_cron_d
++ - file_groupowner_cron_d
++ # chmod og-rwx /etc/cron.d
++ - file_permissions_cron_d
++
++ ### 5.1.8 Ensure at/cron is restricted to authorized users (Scored)
++
++
++ ## 5.2 SSH Server Configuration
++
++ ### 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored)
++ # chown root:root /etc/ssh/sshd_config
++ - file_owner_sshd_config
++ - file_groupowner_sshd_config
++
++ # chmod og-rwx /etc/ssh/sshd_config
++ - file_permissions_sshd_config
++
++ ### 5.2.2 Ensure SSH access is limited (Scored)
++
++
++ ### 5.2.3 Ensure permissions on SSH private host key files are
++ ### configured (Scored)
++ # TO DO: The
rule sets to 640, but benchmark wants 600
++ - file_permissions_sshd_private_key
++ # TO DO: check owner of private keys in /etc/ssh is root:root
++
++ ### 5.2.4 Ensure permissions on SSH public host key files are configured
++ ### (Scored)
++ - file_permissions_sshd_pub_key
++ # TO DO: check owner of pub keys in /etc/ssh is root:root
++
++ ### 5.2.5 Ensure SSH LogLevel is appropriate (Scored)
++ - sshd_set_loglevel_info
++
++ ### 5.2.6 Ensure SSH X11 forward is disabled (Scored)
++ - sshd_disable_x11_forwarding
++
++ ### 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored)
++ - sshd_max_auth_tries_value=4
++ - sshd_set_max_auth_tries
++
++ ### 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored)
++ - sshd_disable_rhosts
++
++ ### 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored)
++ - disable_host_auth
++
++ ### 5.2.10 Ensure SSH root login is disabled (Scored)
++ - sshd_disable_root_login
++
++ ### 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored)
++ - sshd_disable_empty_passwords
++
++ ### 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored)
++ - sshd_do_not_permit_user_env
++
++ ### 5.2.13 Ensure SSH Idle Timeout Interval is configured (Scored)
++ # ClientAliveInterval 300
++ - sshd_idle_timeout_value=5_minutes
++ - sshd_set_idle_timeout
++
++ # ClientAliveCountMax 0
++ - sshd_set_keepalive
++
++ ### 5.2.14 Ensure SSH LoginGraceTime is set to one minute
++ ### or less (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5525
++
++ ### 5.2.15 Ensure SSH warning banner is configured (Scored)
++ - sshd_enable_warning_banner
++
++ ### 5.2.16 Ensure SSH PAM is enabled (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5526
++
++ ### 5.2.17 Ensure SSH AllowTcpForwarding is disabled (Scored)
++ - sshd_disable_tcp_forwarding
++
++ ### 5.2.18 Ensure SSH MaxStarups is configured (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5528
++
++ ### 5.2.19 Ensure SSH
MaxSessions is set to 4 or less (Scored)
++ - sshd_set_max_sessions
++ - var_sshd_max_sessions=4
++
++ ### 5.2.20 Ensure system-wide crypto policy is not over-ridden (Scored)
++ - configure_ssh_crypto_policy
++
++ ## 5.3 Configure authselect
++
++
++ ### 5.3.1 Create custom authselectet profile (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5530
++
++ ### 5.3.2 Select authselect profile (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5531
++
++ ### 5.3.3 Ensure authselect includes with-faillock (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5532
++
++ ## 5.4 Configure PAM
++
++ ### 5.4.1 Ensure password creation requirements are configured (Scored)
++ # NEEDS RULE: try_first_pass - https://github.com/ComplianceAsCode/content/issues/5533
++ - accounts_password_pam_retry
++ - var_password_pam_minlen=14
++ - accounts_password_pam_minlen
++ - var_password_pam_minclass=4
++ - accounts_password_pam_minclass
++
++ ### 5.4.2 Ensure lockout for failed password attempts is
++ ### configured (Scored)
++ - var_accounts_passwords_pam_faillock_unlock_time=900
++ - var_accounts_passwords_pam_faillock_deny=5
++ - accounts_passwords_pam_faillock_unlock_time
++ - accounts_passwords_pam_faillock_deny
++
++ ### 5.4.3 Ensure password reuse is limited (Scored)
++ - var_password_pam_unix_remember=5
++ - accounts_password_pam_unix_remember
++
++ ### 5.4.4 Ensure password hashing algorithm is SHA-512 (Scored)
++ - set_password_hashing_algorithm_systemauth
++
++ ## 5.5 User Accounts and Environment
++
++ ### 5.5.1 Set Shadow Password Suite Parameters
++
++ #### 5.5.1 Ensure password expiration is 365 days or less (Scored)
++ - var_accounts_maximum_age_login_defs=365
++ - accounts_maximum_age_login_defs
++
++ #### 5.5.1.2 Ensure minimum days between password changes is 7
++ #### or more (Scored)
++ - var_accounts_minimum_age_login_defs=7
++ - accounts_minimum_age_login_defs
++
++ #### 5.5.1.3 Ensure
password expiration warning days is
++ #### 7 or more (Scored)
++ - var_accounts_password_warn_age_login_defs=7
++ - accounts_password_warn_age_login_defs
++
++ #### 5.5.1.4 Ensure inactive password lock is 30 days or less (Scored)
++ # TODO: Rule doesn't check list of users
++ # https://github.com/ComplianceAsCode/content/issues/5536
++ - var_account_disable_post_pw_expiration=30
++ - account_disable_post_pw_expiration
++
++ #### 5.5.1.5 Ensure all users last password change date is
++ #### in the past (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5537
++
++ ### 5.5.2 Ensure system accounts are secured (Scored)
++ - no_shelllogin_for_systemaccounts
++
++ ### 5.5.3 Ensure default user shell timeout is 900 seconds
++ ### or less (Scored)
++ - var_accounts_tmout=15_min
++ - accounts_tmout
++
++ ### 5.5.4 Ensure default group for the root account is
++ ### GID 0 (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5539
++
++ ### 5.5.5 Ensure default user mask is 027 or more restrictive (Scored)
++ - var_accounts_user_umask=027
++ - accounts_umask_etc_bashrc
++ - accounts_umask_etc_profile
++
++ ## 5.6 Ensure root login is restricted to system console (Not Scored)
++ - securetty_root_login_console_only
++ - no_direct_root_logins
++
++ ## 5.7 Ensure access to the su command is restricted (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5541
++
++ # System Maintenance
++
++ ## 6.1 System File Permissions
++
++ ### 6.1.1 Audit system file permissions (Not Scored)
++ - rpm_verify_permissions
++ - rpm_verify_ownership
++
++ ### 6.1.2 Ensure permissions on /etc/passwd are configured (Scored)
++ # chown root:root /etc/passwd
++ - file_owner_etc_passwd
++ - file_groupowner_etc_passwd
++
++ # chmod 644 /etc/passwd
++ - file_permissions_etc_passwd
++
++ ### 6.1.3 Ensure permissions on /etc/shadow are configured (Scored)
++ # chown root:root /etc/shadow
++ - file_owner_etc_shadow
++ -
file_groupowner_etc_shadow
++
++ # chmod o-rwx,g-wx /etc/shadow
++ - file_permissions_etc_shadow
++
++ ### 6.1.4 Ensure permissions on /etc/group are configured (Scored)
++ # chown root:root /etc/group
++ - file_owner_etc_group
++ - file_groupowner_etc_group
++
++ # chmod 644 /etc/group
++ - file_permissions_etc_group
++
++ ### 6.1.5 Ensure permissions on /etc/gshadow are configured (Scored)
++ # chown root:root /etc/gshadow
++ - file_owner_etc_gshadow
++ - file_groupowner_etc_gshadow
++
++ # chmod o-rwx,g-rw /etc/gshadow
++ - file_permissions_etc_gshadow
++
++ ### 6.1.6 Ensure permissions on /etc/passwd- are configured (Scored)
++ # chown root:root /etc/passwd-
++ - file_owner_backup_etc_passwd
++ - file_groupowner_backup_etc_passwd
++
++ # chmod 644 /etc/passwd-
++ - file_permissions_backup_etc_passwd
++
++ ### 6.1.7 Ensure permissions on /etc/shadow- are configured (Scored)
++ # chown root:root /etc/shadow-
++ - file_owner_backup_etc_shadow
++ - file_groupowner_backup_etc_shadow
++
++ # chmod 0000 /etc/shadow-
++ - file_permissions_backup_etc_shadow
++
++ ### 6.1.8 Ensure permissions on /etc/group- are configured (Scored)
++ # chown root:root /etc/group-
++ - file_owner_backup_etc_group
++ - file_groupowner_backup_etc_group
++
++ # chmod 644 /etc/group-
++ - file_permissions_backup_etc_group
++
++ ### 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored)
++ # chown root:root /etc/gshadow-
++ - file_owner_backup_etc_gshadow
++ - file_groupowner_backup_etc_gshadow
++
++ # chmod 0000 /etc/gshadow-
++ - file_permissions_backup_etc_gshadow
++
++ ### 6.1.10 Ensure no world writable files exist (Scored)
++ - file_permissions_unauthorized_world_writable
++
++ ### 6.1.11 Ensure no unowned files or directories exist (Scored)
++ - no_files_unowned_by_user
++
++ ### 6.1.12 Ensure no ungrouped files or directories exist (Scored)
++ - file_permissions_ungroupowned
++
++ ### 6.1.13 Audit SUID executables (Not Scored)
++ - file_permissions_unauthorized_suid
++
++
### 6.1.14 Audit SGID executables (Not Scored)
++ - file_permissions_unauthorized_sgid
++
++ ## 6.2 User and Group Settings
++
++ ### 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored)
++ - no_legacy_plus_entries_etc_passwd
++
++ ### 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored)
++ - no_legacy_plus_entries_etc_shadow
++
++ ### 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored)
++ - no_legacy_plus_entries_etc_group
++
++ ### 6.2.6 Ensure root is the only UID 0 account (Scored)
++ - accounts_no_uid_except_zero
++
++ ### 6.2.7 Ensure users' home directories permissions are 750
++ ### or more restrictive (Scored)
++ - file_permissions_home_dirs
++
++ ### 6.2.8 Ensure users own their home directories (Scored)
++ # NEEDS RULE for user owner @ https://github.com/ComplianceAsCode/content/issues/5507
++ - file_groupownership_home_directories
++
++ ### 6.2.9 Ensure users' dot files are not group or world
++ ### writable (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5506
++
++ ### 6.2.10 Ensure no users have .forward files (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5505
++
++ ### 6.2.11 Ensure no users have .netrc files (Scored)
++ - no_netrc_files
++
++ ### 6.2.12 Ensure users' .netrc Files are not group or
++ ### world accessible (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5504
++
++ ### 6.2.13 Ensure no users have .rhosts files (Scored)
++ - no_rsh_trust_files
++
++ ### 6.2.14 Ensure all groups in /etc/passwd exist in
++ ### /etc/group (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5503
++
++ ### 6.2.15 Ensure no duplicate UIDs exist (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5502
++
++ ### 6.2.16 Ensure no duplicate GIDs exist (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5501
++
++ ### 6.2.17 Ensure no duplicate user names exist
(Scored)
++ - account_unique_name
++
++ ### 6.2.18 Ensure no duplicate group names exist (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5500
++
++ ### 6.2.19 Ensure shadow group is empty (Scored)
++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5499
++
++ ### 6.2.20 Ensure all users' home directories exist (Scored)
++ - accounts_user_interactive_home_directory_exists
+diff --git a/almalinux8/profiles/cjis.profile b/almalinux8/profiles/cjis.profile
+new file mode 100644
+index 00000000..5a410244
+--- /dev/null
++++ b/almalinux8/profiles/cjis.profile
+@@ -0,0 +1,139 @@
++documentation_complete: false
++
++metadata:
++ version: 5.4
++ SMEs:
++ - carlosmmatos
++
++reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++title: 'Criminal Justice Information Services (CJIS) Security Policy'
++
++description: |-
++ This profile is derived from FBI's CJIS v5.4
++ Security Policy. A copy of this policy can be found at the CJIS Security
++ Policy Resource Center:
++
++ https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++selections:
++ - service_auditd_enabled
++ - grub2_audit_argument
++ - auditd_data_retention_num_logs
++ - auditd_data_retention_max_log_file
++ - auditd_data_retention_max_log_file_action
++ - auditd_data_retention_space_left_action
++ - auditd_data_retention_admin_space_left_action
++ - auditd_data_retention_action_mail_acct
++ - auditd_audispd_syslog_plugin_activated
++ - audit_rules_time_adjtimex
++ - audit_rules_time_settimeofday
++ - audit_rules_time_stime
++ - audit_rules_time_clock_settime
++ - audit_rules_time_watch_localtime
++ - audit_rules_usergroup_modification
++ - audit_rules_networkconfig_modification
++ - file_permissions_var_log_audit
++ - file_ownership_var_log_audit
++ - audit_rules_mac_modification
++ - audit_rules_dac_modification_chmod
++ - audit_rules_dac_modification_chown
++ - audit_rules_dac_modification_fchmod
++ -
audit_rules_dac_modification_fchmodat
++ - audit_rules_dac_modification_fchown
++ - audit_rules_dac_modification_fchownat
++ - audit_rules_dac_modification_fremovexattr
++ - audit_rules_dac_modification_fsetxattr
++ - audit_rules_dac_modification_lchown
++ - audit_rules_dac_modification_lremovexattr
++ - audit_rules_dac_modification_lsetxattr
++ - audit_rules_dac_modification_removexattr
++ - audit_rules_dac_modification_setxattr
++ - audit_rules_login_events
++ - audit_rules_session_events
++ - audit_rules_unsuccessful_file_modification
++ - audit_rules_privileged_commands
++ - audit_rules_media_export
++ - audit_rules_file_deletion_events
++ - audit_rules_sysadmin_actions
++ - audit_rules_kernel_module_loading
++ - audit_rules_immutable
++ - account_unique_name
++ - gid_passwd_group_same
++ - accounts_password_all_shadowed
++ - no_empty_passwords
++ - display_login_attempts
++ - var_accounts_password_minlen_login_defs=12
++ - var_accounts_maximum_age_login_defs=90
++ - var_password_pam_unix_remember=10
++ - var_account_disable_post_pw_expiration=0
++ - var_password_pam_minlen=12
++ - var_accounts_minimum_age_login_defs=1
++ - var_password_pam_difok=6
++ - var_accounts_max_concurrent_login_sessions=3
++ - account_disable_post_pw_expiration
++ - accounts_password_pam_minlen
++ - accounts_minimum_age_login_defs
++ - accounts_password_pam_difok
++ - accounts_max_concurrent_login_sessions
++ - set_password_hashing_algorithm_systemauth
++ - set_password_hashing_algorithm_logindefs
++ - set_password_hashing_algorithm_libuserconf
++ - file_owner_etc_shadow
++ - file_groupowner_etc_shadow
++ - file_permissions_etc_shadow
++ - file_owner_etc_group
++ - file_groupowner_etc_group
++ - file_permissions_etc_group
++ - file_owner_etc_passwd
++ - file_groupowner_etc_passwd
++ - file_permissions_etc_passwd
++ - file_owner_grub2_cfg
++ - file_groupowner_grub2_cfg
++ - var_password_pam_retry=5
++ - var_accounts_passwords_pam_faillock_deny=5
++ -
var_accounts_passwords_pam_faillock_unlock_time=600
++ - dconf_db_up_to_date
++ - dconf_gnome_screensaver_idle_delay
++ - dconf_gnome_screensaver_idle_activation_enabled
++ - dconf_gnome_screensaver_lock_enabled
++ - dconf_gnome_screensaver_mode_blank
++ - sshd_allow_only_protocol2
++ - sshd_set_idle_timeout
++ - sshd_set_keepalive
++ - disable_host_auth
++ - sshd_disable_root_login
++ - sshd_disable_empty_passwords
++ - sshd_enable_warning_banner
++ - sshd_do_not_permit_user_env
++ - var_system_crypto_policy=fips
++ - configure_crypto_policy
++ - configure_ssh_crypto_policy
++ - kernel_module_dccp_disabled
++ - kernel_module_sctp_disabled
++ - service_firewalld_enabled
++ - set_firewalld_default_zone
++ - firewalld_sshd_port_enabled
++ - sshd_idle_timeout_value=30_minutes
++ - inactivity_timeout_value=30_minutes
++ - sysctl_net_ipv4_conf_default_accept_source_route
++ - sysctl_net_ipv4_tcp_syncookies
++ - sysctl_net_ipv4_conf_all_send_redirects
++ - sysctl_net_ipv4_conf_default_send_redirects
++ - sysctl_net_ipv4_conf_all_accept_redirects
++ - sysctl_net_ipv4_conf_default_accept_redirects
++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++ - var_password_pam_ocredit=1
++ - var_password_pam_dcredit=1
++ - var_password_pam_ucredit=1
++ - var_password_pam_lcredit=1
++ - package_aide_installed
++ - aide_build_database
++ - aide_periodic_cron_checking
++ - rpm_verify_permissions
++ - rpm_verify_hashes
++ - ensure_almalinux_gpgkey_installed
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_never_disabled
++ - security_patches_up_to_date
++ - kernel_module_bluetooth_disabled
+diff --git a/almalinux8/profiles/cui.profile b/almalinux8/profiles/cui.profile
+new file mode 100644
+index 00000000..bf6d9511
+--- /dev/null
++++ b/almalinux8/profiles/cui.profile
+@@ -0,0 +1,32 @@
++documentation_complete: true
++
++metadata:
++ version: TBD
++ SMEs:
++ - carlosmmatos
++
++title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST
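Review bot: Several `var_…` values in the cjis.profile `selections` list have no matching rule selected in this hunk, so they appear to tune nothing. `var_accounts_passwords_pam_faillock_deny=5` and `var_accounts_passwords_pam_faillock_unlock_time=600` are set without `accounts_passwords_pam_faillock_deny` / `accounts_passwords_pam_faillock_unlock_time`, and the same holds for `var_password_pam_retry`, `var_password_pam_unix_remember`, `var_accounts_maximum_age_login_defs`, `var_accounts_password_minlen_login_defs` and the four `var_password_pam_*credit` values. Unless another selected rule consumes these variables, a scan with this profile would report on password length and difok but not on account lockout, password reuse, maximum age or character classes. Either add the rules next to their variables, for example `- accounts_passwords_pam_faillock_deny` and `- accounts_passwords_pam_faillock_unlock_time`, or drop the unused variables so the profile does not suggest coverage it lacks.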
800-171)'
++
++description: |-
++ From NIST 800-171, Section 2.2:
++ Security requirements for protecting the confidentiality of CUI in nonfederal
++ information systems and organizations have a well-defined structure that
++ consists of:
++
++ (i) a basic security requirements section;
++ (ii) a derived security requirements section.
++
++ The basic security requirements are obtained from FIPS Publication 200, which
++ provides the high-level and fundamental security requirements for federal
++ information and information systems. The derived security requirements, which
++ supplement the basic security requirements, are taken from the security controls
++ in NIST Special Publication 800-53.
++
++ This profile configures Red Hat Enterprise Linux 8 to the NIST Special
++ Publication 800-53 controls identified for securing Controlled Unclassified
++ Information (CUI)."
++
++extends: ospp
++
++selections:
++ - inactivity_timeout_value=10_minutes
+diff --git a/almalinux8/profiles/e8.profile b/almalinux8/profiles/e8.profile
+new file mode 100644
+index 00000000..049f3ea2
+--- /dev/null
++++ b/almalinux8/profiles/e8.profile
+@@ -0,0 +1,149 @@
++documentation_complete: true
++
++metadata:
++ SMEs:
++ - shaneboulden
++
++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
++
++title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
++
++description: |-
++ This profile contains configuration checks for AlmaLinux 8
++ that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
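Review bot: The `description` of cui.profile still reads "This profile configures Red Hat Enterprise Linux 8" although the file is added under `almalinux8/`, and the paragraph ends with a stray `"` after `Information (CUI).`. The e8 and hipaa descriptions in the same patch were rebranded, so this one looks missed; the generated guide would tell an AlmaLinux administrator that the content targets a different product. Suggest `This profile configures AlmaLinux 8 to the NIST Special` and removing the trailing quote. The profile's only own selection is `inactivity_timeout_value=10_minutes` on top of `extends: ospp`, so what it enforces depends on ospp.profile, which is outside this hunk.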
++
++ A copy of the Essential Eight in Linux Environments guide can be found at the
++ ACSC website:
++
++ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
++
++selections:
++
++ ### Remove obsolete packages
++ - package_talk_removed
++ - package_talk-server_removed
++ - package_xinetd_removed
++ - service_xinetd_disabled
++ - package_ypbind_removed
++ - package_telnet_removed
++ - service_telnet_disabled
++ - package_telnet-server_removed
++ - package_rsh_removed
++ - package_rsh-server_removed
++ - service_zebra_disabled
++ - package_quagga_removed
++ - service_avahi-daemon_disabled
++ - package_squid_removed
++ - service_squid_disabled
++
++ ### Software update
++ - ensure_almalinux_gpgkey_installed
++ - ensure_gpgcheck_never_disabled
++ - ensure_gpgcheck_local_packages
++ - ensure_gpgcheck_globally_activated
++ - security_patches_up_to_date
++ - dnf-automatic_security_updates_only
++
++ ### System security settings
++ - sysctl_kernel_randomize_va_space
++ - sysctl_kernel_exec_shield
++ - sysctl_kernel_kptr_restrict
++ - sysctl_kernel_dmesg_restrict
++ - sysctl_kernel_kexec_load_disabled
++ - sysctl_kernel_yama_ptrace_scope
++ - sysctl_kernel_unprivileged_bpf_disabled
++ - sysctl_net_core_bpf_jit_harden
++
++ ### SELinux
++ - var_selinux_state=enforcing
++ - selinux_state
++ - var_selinux_policy_name=targeted
++ - selinux_policytype
++
++ ### Filesystem integrity
++ - rpm_verify_hashes
++ - rpm_verify_permissions
++ - rpm_verify_ownership
++ - file_permissions_unauthorized_sgid
++ - file_permissions_unauthorized_suid
++ - file_permissions_unauthorized_world_writable
++ - dir_perms_world_writable_sticky_bits
++ - file_permissions_library_dirs
++ - file_ownership_binary_dirs
++ - file_permissions_binary_dirs
++ - file_ownership_library_dirs
++
++ ### Passwords
++ - no_empty_passwords
++
++ ### Partitioning
++ - mount_option_dev_shm_nodev
++ - mount_option_dev_shm_nosuid
++ - mount_option_dev_shm_noexec
++
++ ###
Network
++ - package_firewalld_installed
++ - service_firewalld_enabled
++ - network_sniffer_disabled
++
++ ### Admin privileges
++ - accounts_no_uid_except_zero
++ - sudo_remove_nopasswd
++ - sudo_remove_no_authenticate
++ - sudo_require_authentication
++
++ ### Audit
++ - package_rsyslog_installed
++ - service_rsyslog_enabled
++ - service_auditd_enabled
++ - var_auditd_flush=incremental_async
++ - auditd_data_retention_flush
++ - auditd_local_events
++ - auditd_write_logs
++ - auditd_log_format
++ - auditd_freq
++ - auditd_name_format
++ - audit_rules_login_events_tallylog
++ - audit_rules_login_events_faillock
++ - audit_rules_login_events_lastlog
++ - audit_rules_login_events
++ - audit_rules_time_adjtimex
++ - audit_rules_time_clock_settime
++ - audit_rules_time_watch_localtime
++ - audit_rules_time_settimeofday
++ - audit_rules_time_stime
++ - audit_rules_execution_restorecon
++ - audit_rules_execution_chcon
++ - audit_rules_execution_semanage
++ - audit_rules_execution_setsebool
++ - audit_rules_execution_setfiles
++ - audit_rules_execution_seunshare
++ - audit_rules_sysadmin_actions
++ - audit_rules_networkconfig_modification
++ - audit_rules_usergroup_modification
++ - audit_rules_dac_modification_chmod
++ - audit_rules_dac_modification_chown
++ - audit_rules_kernel_module_loading
++
++ ### Secure access
++ - sshd_disable_root_login
++ - sshd_disable_gssapi_auth
++ - sshd_print_last_log
++ - sshd_do_not_permit_user_env
++ - sshd_disable_rhosts
++ - sshd_set_loglevel_info
++ - sshd_disable_empty_passwords
++ - sshd_disable_user_known_hosts
++ - sshd_enable_strictmodes
++
++ # See also: https://www.cyber.gov.au/ism/guidelines-using-cryptography
++ - var_system_crypto_policy=default_nosha1
++ - configure_crypto_policy
++ - configure_ssh_crypto_policy
++
++ ### Application whitelisting
++ - package_fapolicyd_installed
++ - service_fapolicyd_enabled
++
++ ### Backup
++ - package_rear_installed
+diff --git a/almalinux8/profiles/hipaa.profile
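Review bot: In the `### Audit` group of e8.profile, `audit_rules_login_events` is selected together with `audit_rules_login_events_tallylog`, `audit_rules_login_events_faillock` and `audit_rules_login_events_lastlog`. The aggregate rule presumably checks the same three watches, so the scan would report the same finding twice and a single missing watch would fail two rules. Keep one form; the cis profile earlier in this patch uses only the granular `_faillock` and `_lastlog` rules, so dropping `- audit_rules_login_events` here would be consistent. If the overlap is intentional, a comment such as `# aggregate kept for compatibility with <reason>` above the line would say why.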
b/almalinux8/profiles/hipaa.profile
+new file mode 100644
+index 00000000..5d88f3d3
+--- /dev/null
++++ b/almalinux8/profiles/hipaa.profile
+@@ -0,0 +1,164 @@
++documentation_complete: True
++
++metadata:
++ SMEs:
++ - jjaswanson4
++ - carlosmmatos
++
++reference: https://www.hhs.gov/hipaa/for-professionals/index.html
++
++title: 'Health Insurance Portability and Accountability Act (HIPAA)'
++
++description: |-
++ The HIPAA Security Rule establishes U.S. national standards to protect individuals’
++ electronic personal health information that is created, received, used, or
++ maintained by a covered entity. The Security Rule requires appropriate
++ administrative, physical and technical safeguards to ensure the
++ confidentiality, integrity, and security of electronic protected health
++ information.
++
++ This profile configures AlmaLinux 8 to the HIPAA Security
++ Rule identified for securing of electronic protected health information.
++ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).
++
++selections:
++ - grub2_password
++ - grub2_uefi_password
++ - file_groupowner_grub2_cfg
++ - file_permissions_grub2_cfg
++ - file_owner_grub2_cfg
++ - grub2_disable_interactive_boot
++ - no_direct_root_logins
++ - no_empty_passwords
++ - require_singleuser_auth
++ - restrict_serial_port_logins
++ - securetty_root_login_console_only
++ - service_debug-shell_disabled
++ - disable_ctrlaltdel_reboot
++ - disable_ctrlaltdel_burstaction
++ - dconf_db_up_to_date
++ - dconf_gnome_remote_access_credential_prompt
++ - dconf_gnome_remote_access_encryption
++ - sshd_disable_empty_passwords
++ - sshd_disable_root_login
++ - libreswan_approved_tunnels
++ - no_rsh_trust_files
++ - package_rsh-server_removed
++ - package_talk_removed
++ - package_talk-server_removed
++ - package_telnet_removed
++ - package_telnet-server_removed
++ - package_xinetd_removed
++ - service_crond_enabled
++ - service_rexec_disabled
++ - service_rlogin_disabled
++ - service_telnet_disabled
++ - service_xinetd_disabled
++ - service_zebra_disabled
++ - use_kerberos_security_all_exports
++ - disable_host_auth
++ - sshd_allow_only_protocol2
++ - sshd_disable_compression
++ - sshd_disable_gssapi_auth
++ - sshd_disable_kerb_auth
++ - sshd_do_not_permit_user_env
++ - sshd_enable_strictmodes
++ - sshd_enable_warning_banner
++ - sshd_set_keepalive
++ - encrypt_partitions
++ - var_system_crypto_policy=fips
++ - configure_crypto_policy
++ - configure_ssh_crypto_policy
++ - var_selinux_policy_name=targeted
++ - var_selinux_state=enforcing
++ - grub2_enable_selinux
++ - sebool_selinuxuser_execheap
++ - sebool_selinuxuser_execmod
++ - sebool_selinuxuser_execstack
++ - selinux_confinement_of_daemons
++ - selinux_policytype
++ - selinux_state
++ - service_kdump_disabled
++ - sysctl_fs_suid_dumpable
++ - sysctl_kernel_dmesg_restrict
++ - sysctl_kernel_exec_shield
++ - sysctl_kernel_randomize_va_space
++ - rpm_verify_hashes
++ - rpm_verify_permissions
++ - ensure_almalinux_gpgkey_installed
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_never_disabled
++ - ensure_gpgcheck_local_packages
++ - grub2_audit_argument
++ - service_auditd_enabled
++ - audit_rules_privileged_commands_sudo
++ - audit_rules_privileged_commands_su
++ - audit_rules_immutable
++ - kernel_module_usb-storage_disabled
++ - service_autofs_disabled
++ - auditd_audispd_syslog_plugin_activated
++ - rsyslog_remote_loghost
++ - auditd_data_retention_flush
++ - audit_rules_dac_modification_chmod
++ - audit_rules_dac_modification_chown
++ - audit_rules_dac_modification_fchmodat
++ - audit_rules_dac_modification_fchmod
++ - audit_rules_dac_modification_fchownat
++ - audit_rules_dac_modification_fchown
++ - audit_rules_dac_modification_fremovexattr
++ - audit_rules_dac_modification_fsetxattr
++ - audit_rules_dac_modification_lchown
++ - audit_rules_dac_modification_lremovexattr
++ - audit_rules_dac_modification_lsetxattr
++ - audit_rules_dac_modification_removexattr
++ - audit_rules_dac_modification_setxattr
++ - audit_rules_execution_chcon
++ - audit_rules_execution_restorecon
++ - audit_rules_execution_semanage
++ - audit_rules_execution_setsebool
++ - audit_rules_file_deletion_events_renameat
++ - audit_rules_file_deletion_events_rename
++ - audit_rules_file_deletion_events_rmdir
++ - audit_rules_file_deletion_events_unlinkat
++ - audit_rules_file_deletion_events_unlink
++ - audit_rules_kernel_module_loading_delete
++ - audit_rules_kernel_module_loading_init
++ - audit_rules_login_events_faillock
++ - audit_rules_login_events_lastlog
++ - audit_rules_login_events_tallylog
++ - audit_rules_mac_modification
++ - audit_rules_media_export
++ - audit_rules_networkconfig_modification
++ - audit_rules_privileged_commands_chage
++ - audit_rules_privileged_commands_chsh
++ - audit_rules_privileged_commands_crontab
++ - audit_rules_privileged_commands_gpasswd
++ - audit_rules_privileged_commands_newgrp
++ - audit_rules_privileged_commands_pam_timestamp_check
++ - audit_rules_privileged_commands_passwd
++ - audit_rules_privileged_commands_postdrop
++ - audit_rules_privileged_commands_postqueue
++ - audit_rules_privileged_commands_ssh_keysign
++ - audit_rules_privileged_commands_sudoedit
++ - audit_rules_privileged_commands_umount
++ - audit_rules_privileged_commands_unix_chkpwd
++ - audit_rules_privileged_commands_userhelper
++ - audit_rules_session_events
++ - audit_rules_sysadmin_actions
++ - audit_rules_system_shutdown
++ - audit_rules_time_adjtimex
++ - audit_rules_time_clock_settime
++ - audit_rules_time_settimeofday
++ - audit_rules_time_stime
++ - audit_rules_time_watch_localtime
++ - audit_rules_unsuccessful_file_modification_creat
++ - audit_rules_unsuccessful_file_modification_ftruncate
++ - audit_rules_unsuccessful_file_modification_openat
++ - audit_rules_unsuccessful_file_modification_open_by_handle_at
++ - audit_rules_unsuccessful_file_modification_open
++ - audit_rules_unsuccessful_file_modification_truncate
++ - audit_rules_usergroup_modification_group
++ - audit_rules_usergroup_modification_gshadow
++ - audit_rules_usergroup_modification_opasswd
++ - audit_rules_usergroup_modification_passwd
++ - audit_rules_usergroup_modification_shadow
+diff --git a/almalinux8/profiles/ism_o.profile b/almalinux8/profiles/ism_o.profile
+new file mode 100644
+index 00000000..bbc6a445
+--- /dev/null
++++ b/almalinux8/profiles/ism_o.profile
+@@ -0,0 +1,158 @@
++documentation_complete: false
++
++metadata:
++ SMEs:
++ - shaneboulden
++ - wcushen
++ - ahamilto156
++
++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-linux-environments
++
++title: 'Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) Official'
++
++description: |-
++ This profile contains configuration checks for AlmaLinux 8
++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
++ with the Attorney-General’s Department (AGD)’s applicability marking of OFFICIAL.
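Review bot: In hipaa.profile the module-loading audit coverage lists `audit_rules_kernel_module_loading_delete` and `audit_rules_kernel_module_loading_init` but not the `finit` variant, which the pci-dss profile added by this same patch does select. Assuming each rule covers only its own syscall, module loads made through finit_module(2) would leave no audit record under this profile. I would add `- audit_rules_kernel_module_loading_finit` next to the other two, or select the aggregate `audit_rules_kernel_module_loading` rule that the standard profile uses.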
++
++ A overview and list of Cyber security guidelines of the
++ Information Security Manual can be found at the ACSC website:
++
++ https://www.cyber.gov.au/ism
++
++extends: e8
++
++selections:
++
++ ## Operating system configuration
++ ## Identifiers 1491
++ - no_shelllogin_for_systemaccounts
++
++ ## Local administrator accounts
++ ## Identifiers 1410
++ - accounts_password_all_shadowed
++
++ ## Content filtering & Anti virus
++ ## Identifiers 1341 / 1034 / 1417 / 1288
++ - package_aide_installed
++
++ ## Software firewall
++ ## Identifiers 1416
++ - configure_firewalld_ports
++ ## Removing due to build error
++ ## - configure_firewalld_rate_limiting
++ - firewalld_sshd_port_enabled
++ - set_firewalld_default_zone
++
++ ## Endpoint device control software
++ ## Identifiers 1418
++ - package_usbguard_installed
++ - service_usbguard_enabled
++
++ ## Authentication hardening
++ ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
++ ## 1561 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431
++ - disable_host_auth
++ - require_emergency_target_auth
++ - require_singleuser_auth
++ - sebool_authlogin_nsswitch_use_ldap
++ - sebool_authlogin_radius
++ - sshd_disable_kerb_auth
++ - sshd_set_max_auth_tries
++ - sssd_enable_smartcards
++ - accounts_password_minlen_login_defs
++ - var_password_pam_minlen=14
++ - accounts_password_pam_minlen
++ - accounts_password_pam_minclass
++ - accounts_password_pam_dcredit
++ - accounts_password_pam_lcredit
++ - accounts_password_pam_ocredit
++ - accounts_password_pam_ucredit
++ - accounts_password_pam_maxrepeat
++ - accounts_passwords_pam_faillock_deny
++ - accounts_passwords_pam_faillock_deny_root
++ - accounts_passwords_pam_faillock_interval
++ - accounts_passwords_pam_faillock_unlock_time
++
++ ## Password authentication & Protecting credentials
++ ## Identifiers 1055 / 0418 / 1402
++ - network_nmcli_permissions
++ - configure_kerberos_crypto_policy
++ - kerberos_disable_no_keytab
++ - sebool_kerberos_enabled
++ - sshd_disable_gssapi_auth
++ - enable_ldap_client
++ - set_password_hashing_algorithm_libuserconf
++ - set_password_hashing_algorithm_logindefs
++ - set_password_hashing_algorithm_systemauth
++ - accounts_password_warn_age_login_defs
++ - accounts_maximum_age_login_defs
++ - accounts_minimum_age_login_defs
++
++ ## System administration & MFA
++ ## Identifiers 1382 / 1384 / 1386
++ - package_sudo_installed
++ - package_opensc_installed
++ - var_smartcard_drivers=cac
++ - configure_opensc_card_drivers
++ - force_opensc_card_drivers
++ - package_pcsc-lite_installed
++ - service_pcscd_enabled
++ - sssd_enable_smartcards
++
++ ## System patching & Applicatoin versions
++ ## Identifiers 1493 / 1144 / 0940 / 1472 / 1494 / 1495 / 1467 / 1483
++ - dnf-automatic_apply_updates
++ - package_dnf-plugin-subscription-manager_installed
++ - package_subscription-manager_installed
++
++ ## Centralised logging facility
++ ## Identifiers 1405 / 0988
++ - rsyslog_cron_logging
++ - rsyslog_files_groupownership
++ - rsyslog_files_ownership
++ - rsyslog_files_permissions
++ - rsyslog_nolisten
++ - rsyslog_remote_loghost
++ - rsyslog_remote_tls
++ - rsyslog_remote_tls_cacert
++ - package_chrony_installed
++ - service_chronyd_enabled
++ - chronyd_or_ntpd_specify_multiple_servers
++ - chronyd_specify_remote_server
++ - service_chronyd_or_ntpd_enabled
++
++ ## Events to be logged
++ ## Identifiers 0584 / 0582 / 0585 / 0586 / 0846 / 0957
++ - display_login_attempts
++ - sebool_auditadm_exec_content
++ - audit_rules_privileged_commands
++ - audit_rules_session_events
++ - audit_rules_unsuccessful_file_modification
++ - audit_access_failed
++ - audit_access_success
++
++ ## Web application & Database servers
++ ## Identifiers 1552 / 1277
++ - openssl_use_strong_entropy
++
++ ## Network design and configuration
++ ## Identifiers 1311
++ - service_snmpd_disabled
++ - snmpd_use_newer_protocol
++
++ ## Wireless networks
++ ## Identifiers 1315 / 1319
++ - wireless_disable_interfaces
++ - network_ipv6_static_address
++
++ ## ASD Approved Cryptopgraphic Algorithims
++ ## Identifiers 1446
++ - enable_dracut_fips_module
++ - enable_fips_mode
++ - var_system_crypto_policy=fips
++ - configure_crypto_policy
++
++ ## Secure Shell access
++ ## Identifiers 1506 / 1449 / 0487
++ - sshd_allow_only_protocol2
+diff --git a/almalinux8/profiles/ospp-mls.profile b/almalinux8/profiles/ospp-mls.profile
+new file mode 100644
+index 00000000..d1d1b8af
+--- /dev/null
++++ b/almalinux8/profiles/ospp-mls.profile
+@@ -0,0 +1,25 @@
++documentation_complete: false
++
++title: 'Protection Profile for General Purpose Operating Systems - MLS Mode'
++
++description: |-
++ Placeholder to put MLS specific rules
++
++extends: ospp
++
++selections:
++
++ ################################################
++ ## MUST INSTALL PACKAGES IN MLS MODE
++ #cups
++ #foomatic
++ #ghostscript
++ #ghostscript-fonts
++ #checkpolicy
++ #mcstrans
++ #policycoreutils-newrole
++ #selinux-policy-devel
++ ##xinetd
++ #iproute
++ #iputils
++ #netlabel_tools
+diff --git a/almalinux8/profiles/ospp.profile b/almalinux8/profiles/ospp.profile
+new file mode 100644
+index 00000000..7373086f
+--- /dev/null
++++ b/almalinux8/profiles/ospp.profile
+@@ -0,0 +1,443 @@
++documentation_complete: true
++
++metadata:
++ version: 4.2.1
++ SMEs:
++ - comps
++ - carlosmmatos
++ - stevegrubb
++
++reference: https://www.niap-ccevs.org/Profile/PP.cfm
++
++title: 'Protection Profile for General Purpose Operating Systems'
++
++description: |-
++ This profile reflects mandatory configuration controls identified in the
++ NIAP Configuration Annex to the Protection Profile for General Purpose
++ Operating Systems (Protection Profile Version 4.2.1).
++
++ This configuration profile is consistent with CNSSI-1253, which requires
++ U.S. National Security Systems to adhere to certain configuration
++ parameters. Accordingly, this configuration profile is suitable for
++ use in U.S. National Security Systems.
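Review bot: In ism_o.profile, `var_password_pam_minlen=14` raises the PAM minimum length, but `accounts_password_minlen_login_defs` is selected without setting `var_accounts_password_minlen_login_defs`, so the login.defs check runs with whatever default that variable has, unless the parent e8 profile sets it (the visible part of e8 does not). The ospp profile in this patch sets both variables together; I would add `- var_accounts_password_minlen_login_defs=14` before the rule, provided the variable defines that selector, so the two limits agree. Separately, `sssd_enable_smartcards` is selected twice (under authentication hardening and again under system administration & MFA), and the section comments carry typos (`Applicatoin`, `Cryptopgraphic Algorithims`) that are worth fixing in the same pass.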
++
++selections:
++
++ #######################################################
++ ### GENERAL REQUIREMENTS
++ ### Things needed to meet OSPP functional requirements.
++ #######################################################
++
++ ### Partitioning
++ - mount_option_home_nodev
++ - mount_option_home_nosuid
++ - mount_option_tmp_nodev
++ - mount_option_tmp_noexec
++ - mount_option_tmp_nosuid
++ - mount_option_var_tmp_nodev
++ - mount_option_var_tmp_noexec
++ - mount_option_var_tmp_nosuid
++ - mount_option_dev_shm_nodev
++ - mount_option_dev_shm_noexec
++ - mount_option_dev_shm_nosuid
++ - mount_option_nodev_nonroot_local_partitions
++ - mount_option_boot_nodev
++ - mount_option_boot_nosuid
++ - partition_for_home
++ - partition_for_var
++ - mount_option_var_nodev
++ - partition_for_var_log
++ - mount_option_var_log_nodev
++ - mount_option_var_log_nosuid
++ - mount_option_var_log_noexec
++ - partition_for_var_log_audit
++ - mount_option_var_log_audit_nodev
++ - mount_option_var_log_audit_nosuid
++ - mount_option_var_log_audit_noexec
++
++ ### Services
++ # sshd
++ - sshd_disable_root_login
++ - sshd_enable_strictmodes
++ - disable_host_auth
++ - sshd_disable_empty_passwords
++ - sshd_disable_kerb_auth
++ - sshd_disable_gssapi_auth
++ - sshd_set_keepalive
++ - sshd_enable_warning_banner
++ - sshd_rekey_limit
++ - var_rekey_limit_size=1G
++ - var_rekey_limit_time=1hour
++ - sshd_use_strong_rng
++ - openssl_use_strong_entropy
++
++ # Time Server
++ - chronyd_client_only
++ - chronyd_no_chronyc_network
++
++ ### Network Settings
++ - sysctl_net_ipv6_conf_all_accept_ra
++ - sysctl_net_ipv6_conf_default_accept_ra
++ - sysctl_net_ipv4_conf_all_accept_redirects
++ - sysctl_net_ipv4_conf_default_accept_redirects
++ - sysctl_net_ipv6_conf_all_accept_redirects
++ - sysctl_net_ipv6_conf_default_accept_redirects
++ - sysctl_net_ipv4_conf_all_accept_source_route
++ - sysctl_net_ipv4_conf_default_accept_source_route
++ - sysctl_net_ipv6_conf_all_accept_source_route
++ - sysctl_net_ipv6_conf_default_accept_source_route
++ - sysctl_net_ipv4_conf_all_secure_redirects
++ - sysctl_net_ipv4_conf_default_secure_redirects
++ - sysctl_net_ipv4_conf_all_send_redirects
++ - sysctl_net_ipv4_conf_default_send_redirects
++ - sysctl_net_ipv4_conf_all_log_martians
++ - sysctl_net_ipv4_conf_default_log_martians
++ - sysctl_net_ipv4_conf_all_rp_filter
++ - sysctl_net_ipv4_conf_default_rp_filter
++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++ - sysctl_net_ipv4_ip_forward
++ - sysctl_net_ipv4_tcp_syncookies
++
++ ### systemd
++ - disable_ctrlaltdel_reboot
++ - disable_ctrlaltdel_burstaction
++ - service_debug-shell_disabled
++
++ ### umask
++ - var_accounts_user_umask=027
++ - accounts_umask_etc_profile
++ - accounts_umask_etc_bashrc
++ - accounts_umask_etc_csh_cshrc
++
++ ### Software update
++ - ensure_almalinux_gpgkey_installed
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_local_packages
++ - ensure_gpgcheck_never_disabled
++
++ ### Passwords
++ - var_password_pam_difok=4
++ - accounts_password_pam_difok
++ - var_password_pam_maxrepeat=3
++ - accounts_password_pam_maxrepeat
++ - var_password_pam_maxclassrepeat=4
++ - accounts_password_pam_maxclassrepeat
++
++ ### Kernel Config
++ ## Boot prompt
++ - grub2_audit_argument
++ - grub2_audit_backlog_limit_argument
++ - grub2_slub_debug_argument
++ - grub2_page_poison_argument
++ - grub2_vsyscall_argument
++ - grub2_vsyscall_argument.role=unscored
++ - grub2_vsyscall_argument.severity=info
++ - grub2_pti_argument
++ - grub2_kernel_trust_cpu_rng
++
++ ## Security Settings
++ - sysctl_kernel_kptr_restrict
++ - sysctl_kernel_dmesg_restrict
++ - sysctl_kernel_kexec_load_disabled
++ - sysctl_kernel_yama_ptrace_scope
++ - sysctl_kernel_perf_event_paranoid
++ - sysctl_user_max_user_namespaces
++ - sysctl_user_max_user_namespaces.role=unscored
++ - sysctl_user_max_user_namespaces.severity=info
++ - sysctl_kernel_unprivileged_bpf_disabled
++ - sysctl_net_core_bpf_jit_harden
++ - service_kdump_disabled
++
++ ## File System Settings
++ - sysctl_fs_protected_hardlinks
++ - sysctl_fs_protected_symlinks
++
++ ### Audit
++ - service_auditd_enabled
++ - var_auditd_flush=incremental_async
++ - auditd_data_retention_flush
++ - auditd_local_events
++ - auditd_write_logs
++ - auditd_log_format
++ - auditd_freq
++ - auditd_name_format
++
++ ### Module Blacklist
++ - kernel_module_cramfs_disabled
++ - kernel_module_bluetooth_disabled
++ - kernel_module_sctp_disabled
++ - kernel_module_firewire-core_disabled
++ - kernel_module_atm_disabled
++ - kernel_module_can_disabled
++ - kernel_module_tipc_disabled
++
++ ### rpcbind
++
++ ### Install Required Packages
++ - package_aide_installed
++ - package_dnf-automatic_installed
++ - package_subscription-manager_installed
++ - package_dnf-plugin-subscription-manager_installed
++ - package_firewalld_installed
++ - package_openscap-scanner_installed
++ - package_policycoreutils_installed
++ - package_sudo_installed
++ - package_usbguard_installed
++ - package_scap-security-guide_installed
++ - package_audit_installed
++ - package_crypto-policies_installed
++ - package_openssh-server_installed
++ - package_openssh-clients_installed
++ - package_policycoreutils-python-utils_installed
++ - package_rsyslog_installed
++ - package_rsyslog-gnutls_installed
++ - package_audispd-plugins_installed
++ - package_chrony_installed
++ - package_gnutls-utils_installed
++
++ ### Remove Prohibited Packages
++ - package_sendmail_removed
++ - package_iprutils_removed
++ - package_gssproxy_removed
++ - package_nfs-utils_removed
++ - package_krb5-workstation_removed
++ - package_abrt-addon-kerneloops_removed
++ - package_abrt-addon-python_removed
++ - package_abrt-addon-ccpp_removed
++ - package_abrt-plugin-rhtsupport_removed
++ - package_abrt-plugin-logger_removed
++ - package_abrt-plugin-sosreport_removed
++ - package_abrt-cli_removed
++ - package_abrt_removed
++
++ ### Login
++ - disable_users_coredumps
++ - sysctl_kernel_core_pattern
++ - coredump_disable_storage
++ - coredump_disable_backtraces
++ - service_systemd-coredump_disabled
++ - var_accounts_max_concurrent_login_sessions=10
++ - accounts_max_concurrent_login_sessions
++ - securetty_root_login_console_only
++ - var_password_pam_unix_remember=5
++ - accounts_password_pam_unix_remember
++ - use_pam_wheel_for_su
++
++ ### SELinux Configuration
++ - var_selinux_state=enforcing
++ - selinux_state
++ - var_selinux_policy_name=targeted
++ - selinux_policytype
++
++ ### Application Whitelisting (RHEL 8)
++ - package_fapolicyd_installed
++ - service_fapolicyd_enabled
++
++ ### Configure USBGuard
++ - service_usbguard_enabled
++ - configure_usbguard_auditbackend
++ - usbguard_allow_hid_and_hub
++
++
++ ### Enable / Configure FIPS
++ - enable_fips_mode
++ - var_system_crypto_policy=fips_ospp
++ - configure_crypto_policy
++ - configure_ssh_crypto_policy
++ - configure_bind_crypto_policy
++ - configure_openssl_crypto_policy
++ - configure_libreswan_crypto_policy
++ - configure_kerberos_crypto_policy
++ - enable_dracut_fips_module
++
++ #######################################################
++ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
++ ### FOR GENERAL PURPOSE OPERATING SYSTEMS
++ ### ANNEX RELEASE 1
++ ### FOR PROTECTION PROFILE VERSIONS 4.2
++ ###
++ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
++ #######################################################
++
++ ## Configure Minimum Password Length to 12 Characters
++ ## IA-5 (1)(a) / FMT_MOF_EXT.1
++ - var_accounts_password_minlen_login_defs=12
++ - accounts_password_minlen_login_defs
++ - var_password_pam_minlen=12
++ - accounts_password_pam_minlen
++
++ ## Require at Least 1 Special Character in Password
++ ## IA-5(1)(a) / FMT_MOF_EXT.1
++ - var_password_pam_ocredit=1
++ - accounts_password_pam_ocredit
++
++ ## Require at Least 1 Numeric Character in Password
++ ## IA-5(1)(a) / FMT_MOF_EXT.1
++ - var_password_pam_dcredit=1
++ - accounts_password_pam_dcredit
++
++ ## Require at Least 1 Uppercase Character in Password
++ ## IA-5(1)(a) / FMT_MOF_EXT.1
++ - var_password_pam_ucredit=1
++ - accounts_password_pam_ucredit
++
++ ## Require at Least 1 Lowercase Character in Password
++ ## IA-5(1)(a) / FMT_MOF_EXT.1
++ - var_password_pam_lcredit=1
++ - accounts_password_pam_lcredit
++
++ ## Enable Screen Lock
++ ## FMT_MOF_EXT.1
++ - package_tmux_installed
++ - configure_bashrc_exec_tmux
++ - no_tmux_in_shells
++ - configure_tmux_lock_command
++ - configure_tmux_lock_after_time
++
++ ## Set Screen Lock Timeout Period to 30 Minutes or Less
++ ## AC-11(a) / FMT_MOF_EXT.1
++ ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
++ - sshd_idle_timeout_value=14_minutes
++ - sshd_set_idle_timeout
++
++ ## Disable Unauthenticated Login (such as Guest Accounts)
++ ## FIA_UAU.1
++ - require_singleuser_auth
++ - grub2_disable_interactive_boot
++ - grub2_uefi_password
++ - no_empty_passwords
++
++ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
++ ## AC-7 / FIA_AFL.1
++ - var_accounts_passwords_pam_faillock_deny=3
++ - accounts_passwords_pam_faillock_deny
++ - var_accounts_passwords_pam_faillock_fail_interval=900
++ - accounts_passwords_pam_faillock_interval
++ - var_accounts_passwords_pam_faillock_unlock_time=never
++ - accounts_passwords_pam_faillock_unlock_time
++
++ ## Enable Host-Based Firewall
++ ## SC-7(12) / FMT_MOF_EXT.1
++ - service_firewalld_enabled
++
++ ## Configure Name/Addres of Remote Management Server
++ ## From Which to Receive Config Settings
++ ## CM-3(3) / FMT_MOF_EXT.1
++
++ ## Configure the System to Offload Audit Records to a Log
++ ## Server
++ ## AU-4(1) / FAU_GEN.1.1.c
++ # temporarily dropped
++
++ ## Set Logon Warning Banner
++ ## AC-8(a) / FMT_MOF_EXT.1
++
++ ## Audit All Logons (Success/Failure) and Logoffs (Success)
++ ## CNSSI 1253 Value or DoD-Specific Values:
++ ## (1) Logons (Success/Failure)
++ ## (2) Logoffs (Success)
++ ## AU-2(a) / FAU_GEN.1.1.c
++
++ ## Audit File and Object Events (Unsuccessful)
++ ## CNSSI 1253 Value or DoD-specific Values:
++ ## (1) Create (Success/Failure)
++ ## (2) Access (Success/Failure)
++ ## (3) Delete (Sucess/Failure)
++ ## (4) Modify (Success/Failure)
++ ## (5) Permission Modification (Sucess/Failure)
++ ## (6) Ownership Modification (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ ##
++ ##
++ ## (1) Create (Success/Failure)
++ ## (open with O_CREAT)
++ ## (2) Access (Success/Failure)
++ ## (3) Delete (Success/Failure)
++ ## (4) Modify (Success/Failure)
++ ## (5) Permission Modification (Success/Failure)
++ ## (6) Ownership Modification (Success/Failure)
++
++ ## Audit User and Group Management Events (Success/Failure)
++ ## CNSSI 1253 Value or DoD-specific Values:
++ ## (1) User add, delete, modify, disable, enable (Success/Failure)
++ ## (2) Group/Role add, delete, modify (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ ##
++ ## Generic User and Group Management Events (Success/Failure)
++ ## Selection of setuid programs that relate to
++ ## user accounts.
++ ##
++ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
++ ##
++ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
++ ##
++ ## Audit Privilege or Role Escalation Events (Success/Failure)
++ ## CNSSI 1253 Value or DoD-specific Values:
++ ## - Privilege/Role escalation (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ ## Audit All Audit and Log Data Accesses (Success/Failure)
++ ## CNSSI 1253 Value or DoD-specific Values:
++ ## - Audit and log data access (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ ## Audit Cryptographic Verification of Software (Success/Failure)
++ ## CNSSI 1253 Value or DoD-specific Values:
++ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
++ ## etc) initialization (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
++ ## AU-2(a) / FAU_GEN.1.1.c
++ - audit_basic_configuration
++ - audit_immutable_login_uids
++ - audit_create_failed
++ - audit_create_success
++ - audit_modify_failed
++ - audit_modify_success
++ - audit_access_failed
++ - audit_access_success
++ - audit_delete_failed
++ - audit_delete_success
++ - audit_perm_change_failed
++ - audit_perm_change_success
++ - audit_owner_change_failed
++ - audit_owner_change_success
++ - audit_ospp_general
++ - audit_module_load
++
++ ## Enable Automatic Software Updates
++ ## SI-2 / FMT_MOF_EXT.1
++ # Configure dnf-automatic to Install Only Security Updates
++ - dnf-automatic_security_updates_only
++
++ # Configure dnf-automatic to Install Available Updates Automatically
++ - dnf-automatic_apply_updates
++
++ # Enable dnf-automatic Timer
++ - timer_dnf-automatic_enabled
++
++ # Configure TLS for remote logging
++ - rsyslog_remote_tls
++ - rsyslog_remote_tls_cacert
++
++ # Prevent Kerberos use by system daemons
++ - kerberos_disable_no_keytab
++
++ # set ssh client rekey limit
++ - ssh_client_rekey_limit
++ - var_ssh_client_rekey_limit_size=1G
++ - var_ssh_client_rekey_limit_time=1hour
++
++# configure ssh client to use strong entropy
++ - ssh_client_use_strong_rng_sh
++ - ssh_client_use_strong_rng_csh
++
++ # zIPl specific rules
++ - zipl_bls_entries_only
++ - zipl_bootmap_is_up_to_date
++ - zipl_audit_argument
++ - zipl_audit_backlog_limit_argument
++ - zipl_slub_debug_argument
++ - zipl_page_poison_argument
++ - zipl_vsyscall_argument
++ - zipl_vsyscall_argument.role=unscored
++ - zipl_vsyscall_argument.severity=info
+diff --git a/almalinux8/profiles/pci-dss.profile b/almalinux8/profiles/pci-dss.profile
+new file mode 100644
+index 00000000..bbee0d36
+--- /dev/null
++++ b/almalinux8/profiles/pci-dss.profile
+@@ -0,0 +1,147 @@
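Review bot: In ospp.profile the audit-offload requirement (`## Configure the System to Offload Audit Records to a Log` / `## Server`, AU-4(1) / FAU_GEN.1.1.c) is followed only by `# temporarily dropped`, so a profile marked `documentation_complete: true` selects no rule under that heading and gives neither a reason nor a tracking reference. `rsyslog_remote_tls` and `rsyslog_remote_tls_cacert` are selected further down, but `rsyslog_remote_loghost`, which the hipaa profile selects, is not, so whether records leave the host depends on what those TLS rules configure. I would expand the comment to something like `# temporarily dropped: no rule selected for AU-4(1) yet, see <tracking reference>`. The heading `### Application Whitelisting (RHEL 8)` also still names the upstream product.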
++documentation_complete: true
++
++metadata:
++ SMEs:
++ - carlosmmatos
++
++reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
++
++title: 'PCI-DSS v3.2.1 Control Baseline for AlmaLinux 8'
++
++description: |-
++ Ensures PCI-DSS v3.2.1 security configuration settings are applied.
++
++selections:
++ - var_password_pam_unix_remember=4
++ - var_account_disable_post_pw_expiration=90
++ - var_accounts_passwords_pam_faillock_deny=6
++ - var_accounts_passwords_pam_faillock_unlock_time=1800
++ - sshd_idle_timeout_value=15_minutes
++ - var_password_pam_minlen=7
++ - var_password_pam_minclass=2
++ - var_accounts_maximum_age_login_defs=90
++ - var_auditd_num_logs=5
++ - service_auditd_enabled
++ - grub2_audit_argument
++ - auditd_data_retention_num_logs
++ - auditd_data_retention_max_log_file
++ - auditd_data_retention_max_log_file_action
++ - auditd_data_retention_space_left_action
++ - auditd_data_retention_admin_space_left_action
++ - auditd_data_retention_action_mail_acct
++ - package_audispd-plugins_installed
++ - auditd_audispd_syslog_plugin_activated
++ - audit_rules_time_adjtimex
++ - audit_rules_time_settimeofday
++ - audit_rules_time_stime
++ - audit_rules_time_clock_settime
++ - audit_rules_time_watch_localtime
++ - audit_rules_usergroup_modification_group
++ - audit_rules_usergroup_modification_gshadow
++ - audit_rules_usergroup_modification_opasswd
++ - audit_rules_usergroup_modification_passwd
++ - audit_rules_usergroup_modification_shadow
++ - audit_rules_networkconfig_modification
++ - file_permissions_var_log_audit
++ - file_ownership_var_log_audit
++ - audit_rules_mac_modification
++ - audit_rules_dac_modification_chmod
++ - audit_rules_dac_modification_chown
++ - audit_rules_dac_modification_fchmod
++ - audit_rules_dac_modification_fchmodat
++ - audit_rules_dac_modification_fchown
++ - audit_rules_dac_modification_fchownat
++ - audit_rules_dac_modification_fremovexattr
++ - audit_rules_dac_modification_fsetxattr
++ - audit_rules_dac_modification_lchown
++ - audit_rules_dac_modification_lremovexattr
++ - audit_rules_dac_modification_lsetxattr
++ - audit_rules_dac_modification_removexattr
++ - audit_rules_dac_modification_setxattr
++ - audit_rules_login_events
++ - audit_rules_session_events
++ - audit_rules_unsuccessful_file_modification_creat
++ - audit_rules_unsuccessful_file_modification_ftruncate
++ - audit_rules_unsuccessful_file_modification_open
++ - audit_rules_unsuccessful_file_modification_open_by_handle_at
++ - audit_rules_unsuccessful_file_modification_openat
++ - audit_rules_unsuccessful_file_modification_truncate
++ - audit_rules_privileged_commands
++ - audit_rules_media_export
++ - audit_rules_file_deletion_events_rename
++ - audit_rules_file_deletion_events_renameat
++ - audit_rules_file_deletion_events_rmdir
++ - audit_rules_file_deletion_events_unlink
++ - audit_rules_file_deletion_events_unlinkat
++ - audit_rules_sysadmin_actions
++ - audit_rules_kernel_module_loading_delete
++ - audit_rules_kernel_module_loading_finit
++ - audit_rules_kernel_module_loading_init
++ - audit_rules_immutable
++ - var_multiple_time_servers=rhel
++ - service_chronyd_or_ntpd_enabled
++ - chronyd_or_ntpd_specify_remote_server
++ - chronyd_or_ntpd_specify_multiple_servers
++ - rpm_verify_permissions
++ - rpm_verify_hashes
++ - install_hids
++ - rsyslog_files_permissions
++ - rsyslog_files_ownership
++ - rsyslog_files_groupownership
++ - ensure_logrotate_activated
++ - package_aide_installed
++ - aide_build_database
++ - aide_periodic_cron_checking
++ - account_unique_name
++ - gid_passwd_group_same
++ - accounts_password_all_shadowed
++ - no_empty_passwords
++ - display_login_attempts
++ - account_disable_post_pw_expiration
++ - accounts_passwords_pam_faillock_deny
++ - accounts_passwords_pam_faillock_unlock_time
++ - dconf_db_up_to_date
++ - dconf_gnome_screensaver_idle_delay
++ - dconf_gnome_screensaver_idle_activation_enabled
++ - dconf_gnome_screensaver_lock_enabled
++ - dconf_gnome_screensaver_mode_blank
++ - sshd_set_idle_timeout
++ - sshd_set_keepalive
++ - accounts_password_pam_minlen
++ - accounts_password_pam_dcredit
++ - accounts_password_pam_ucredit
++ - accounts_password_pam_lcredit
++ - accounts_password_pam_unix_remember
++ - accounts_maximum_age_login_defs
++ - ensure_almalinux_gpgkey_installed
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_never_disabled
++ - security_patches_up_to_date
++ - package_opensc_installed
++ - var_smartcard_drivers=cac
++ - configure_opensc_card_drivers
++ - force_opensc_card_drivers
++ - package_pcsc-lite_installed
++ - service_pcscd_enabled
++ - sssd_enable_smartcards
++ - set_password_hashing_algorithm_systemauth
++ - set_password_hashing_algorithm_logindefs
++ - set_password_hashing_algorithm_libuserconf
++ - file_owner_etc_shadow
++ - file_groupowner_etc_shadow
++ - file_permissions_etc_shadow
++ - file_owner_etc_group
++ - file_groupowner_etc_group
++ - file_permissions_etc_group
++ - file_owner_etc_passwd
++ - file_groupowner_etc_passwd
++ - file_permissions_etc_passwd
++ - file_owner_grub2_cfg
++ - file_groupowner_grub2_cfg
++ - package_libreswan_installed
++ - configure_crypto_policy
++ - configure_bind_crypto_policy
++ - configure_openssl_crypto_policy
++ - configure_libreswan_crypto_policy
++ - configure_ssh_crypto_policy
++ - configure_kerberos_crypto_policy
+diff --git a/almalinux8/profiles/standard.profile b/almalinux8/profiles/standard.profile
+new file mode 100644
+index 00000000..7904d13c
+--- /dev/null
++++ b/almalinux8/profiles/standard.profile
+@@ -0,0 +1,67 @@
++documentation_complete: false
++
++title: 'Standard System Security Profile for AlmaLinux 8'
++
++description: |-
++ This profile contains rules to ensure standard security baseline
++ of a AlmaLinux 8 system. Regardless of your system's workload
++ all of these checks should pass.
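Review bot: In pci-dss.profile, `var_password_pam_minclass=2` is set but `accounts_password_pam_minclass` is never selected, so the variable has no effect here; the `dcredit`, `ucredit` and `lcredit` rules are selected instead and run with their default variable values. Either select `- accounts_password_pam_minclass` or drop the variable, depending on which complexity policy is intended. The file checks are also uneven: the shadow, group and passwd files each get owner, group-owner and permissions rules, while grub2.cfg gets only `file_owner_grub2_cfg` and `file_groupowner_grub2_cfg`, although the hipaa profile in this patch also selects `file_permissions_grub2_cfg`. `var_multiple_time_servers=rhel` looks like a value carried over from the upstream product and is worth confirming for AlmaLinux.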
++ ++selections: ++ - ensure_almalinux_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - rpm_verify_permissions ++ - rpm_verify_hashes ++ - security_patches_up_to_date ++ - no_empty_passwords ++ - file_permissions_unauthorized_sgid ++ - file_permissions_unauthorized_suid ++ - file_permissions_unauthorized_world_writable ++ - accounts_root_path_dirs_no_write ++ - dir_perms_world_writable_sticky_bits ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_nosuid ++ - partition_for_var_log ++ - partition_for_var_log_audit ++ - package_rsyslog_installed ++ - service_rsyslog_enabled ++ - audit_rules_time_adjtimex ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_usergroup_modification ++ - audit_rules_networkconfig_modification ++ - audit_rules_mac_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_unsuccessful_file_modification ++ - audit_rules_privileged_commands ++ - audit_rules_media_export ++ - audit_rules_file_deletion_events ++ - audit_rules_sysadmin_actions ++ - audit_rules_kernel_module_loading ++ - service_abrtd_disabled ++ - service_atd_disabled ++ - service_autofs_disabled ++ - service_ntpdate_disabled ++ - service_oddjobd_disabled ++ - service_qpidd_disabled ++ - service_rdisc_disabled ++ - configure_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - 
configure_libreswan_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_kerberos_crypto_policy +diff --git a/almalinux8/profiles/stig.profile b/almalinux8/profiles/stig.profile +new file mode 100644 +index 00000000..8093204c +--- /dev/null ++++ b/almalinux8/profiles/stig.profile +@@ -0,0 +1,328 @@ ++documentation_complete: true ++ ++metadata: ++ version: V1R1 ++ SMEs: ++ - carlosmmatos ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: 'DISA STIG for AlmaLinux 8' ++ ++description: |- ++ This profile contains configuration checks that align to the ++ DISA STIG for AlmaLinux 8. ++ ++selections: ++ # variables ++ - var_rekey_limit_size=1G ++ - var_rekey_limit_time=1hour ++ - var_accounts_user_umask=077 ++ - var_password_pam_difok=8 ++ - var_password_pam_maxrepeat=3 ++ - var_sshd_disable_compression=no ++ - var_password_pam_maxclassrepeat=4 ++ - var_password_pam_minclass=4 ++ - var_accounts_minimum_age_login_defs=1 ++ - var_accounts_max_concurrent_login_sessions=10 ++ - var_password_pam_unix_remember=5 ++ - var_selinux_state=enforcing ++ - var_selinux_policy_name=targeted ++ - var_accounts_password_minlen_login_defs=15 ++ - var_password_pam_minlen=15 ++ - var_password_pam_ocredit=1 ++ - var_password_pam_dcredit=1 ++ - var_password_pam_ucredit=1 ++ - var_password_pam_lcredit=1 ++ - var_password_pam_retry=3 ++ - var_password_pam_minlen=15 ++ - sshd_idle_timeout_value=10_minutes ++ - var_accounts_passwords_pam_faillock_deny=3 ++ - var_accounts_passwords_pam_faillock_fail_interval=900 ++ - var_accounts_passwords_pam_faillock_unlock_time=never ++ - var_ssh_client_rekey_limit_size=1G ++ - var_ssh_client_rekey_limit_time=1hour ++ - var_accounts_fail_delay=4 ++ - var_account_disable_post_pw_expiration=35 ++ - var_auditd_action_mail_acct=root ++ - var_time_service_set_maxpoll=18_hours ++ - var_password_hashing_algorithm=SHA512 ++ - var_accounts_maximum_age_login_defs=60 ++ - var_auditd_space_left=250MB 
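Review bot: The standard.profile selection list enables `ensure_gpgcheck_globally_activated` but not `ensure_gpgcheck_never_disabled`, so, going by the rule names, a repository file that overrides the global setting with `gpgcheck=0` would not be flagged by this baseline. The profile that ends just above this file in the patch selects both rules; adding `- ensure_gpgcheck_never_disabled` directly after the global rule would keep the two consistent. The description also reads "of a AlmaLinux 8 system", which should be "an AlmaLinux 8 system".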
++ - var_auditd_space_left_action=email
++ - var_auditd_disk_error_action=halt
++ - var_auditd_max_log_file_action=syslog
++ - var_auditd_disk_full_action=halt
++
++ ### Enable / Configure FIPS
++ - enable_fips_mode
++ - var_system_crypto_policy=fips
++ - configure_crypto_policy
++ - configure_ssh_crypto_policy
++ - configure_bind_crypto_policy
++ - configure_openssl_crypto_policy
++ - configure_libreswan_crypto_policy
++ - configure_kerberos_crypto_policy
++ - enable_dracut_fips_module
++
++ # rules
++ - installed_OS_is_vendor_supported
++ - security_patches_up_to_date
++
++ - sysctl_crypto_fips_enabled
++ - encrypt_partitions
++ - sshd_enable_warning_banner
++ - dconf_gnome_banner_enabled
++ - dconf_gnome_login_banner_text
++ - banner_etc_issue
++ - set_password_hashing_algorithm_logindefs
++ - grub2_uefi_password
++ - grub2_uefi_admin_username
++ - grub2_password
++ - grub2_admin_username
++ - kerberos_disable_no_keytab
++ - package_krb5-workstation_removed
++ - selinux_state
++ - package_policycoreutils_installed
++ - sshd_set_idle_timeout
++ - sshd_set_keepalive
++ - sshd_use_strong_rng
++ - file_permissions_binary_dirs
++ - file_ownership_binary_dirs
++ - file_permissions_library_dirs
++ - file_ownership_library_dirs
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_local_packages
++ - sysctl_kernel_kexec_load_disabled
++ - sysctl_fs_protected_symlinks
++ - sysctl_fs_protected_hardlinks
++ - sysctl_kernel_dmesg_restrict
++ - sysctl_kernel_perf_event_paranoid
++ - sudo_remove_nopasswd
++ - sudo_remove_no_authenticate
++ - package_opensc_installed
++ - grub2_page_poison_argument
++ - grub2_vsyscall_argument
++ - grub2_slub_debug_argument
++ - sysctl_kernel_randomize_va_space
++ - clean_components_post_updating
++ - selinux_policytype
++ - no_host_based_files
++ - no_user_host_based_files
++ - service_rngd_enabled
++ - package_rng-tools_installed
++ - file_permissions_sshd_pub_key
++ - file_permissions_sshd_private_key
++ - sshd_enable_strictmodes
++ - sshd_disable_compression
++ - sshd_disable_user_known_hosts
++ - partition_for_var
++ - partition_for_var_log
++ - partition_for_var_log_audit
++ - partition_for_tmp
++ - sshd_disable_root_login
++ - service_auditd_enabled
++ - service_rsyslog_enabled
++ - mount_option_home_nosuid
++ - mount_option_boot_nosuid
++ - mount_option_nodev_nonroot_local_partitions
++ - mount_option_nodev_removable_partitions
++ - mount_option_noexec_removable_partitions
++ - mount_option_nosuid_removable_partitions
++ - mount_option_noexec_remote_filesystems
++ - mount_option_nodev_remote_filesystems
++ - mount_option_nosuid_remote_filesystems
++ - service_kdump_disabled
++ - sysctl_kernel_core_pattern
++ - service_systemd-coredump_disabled
++ - disable_users_coredumps
++ - coredump_disable_storage
++ - coredump_disable_backtraces
++ - accounts_user_home_paths_only
++ - accounts_user_interactive_home_directory_defined
++ - file_permissions_home_directories
++ - file_groupownership_home_directories
++ - accounts_user_interactive_home_directory_exists
++ - accounts_have_homedir_login_defs
++ - file_permission_user_init_files
++ - no_files_unowned_by_user
++ - file_permissions_ungroupowned
++ - partition_for_home
++ - gnome_gdm_disable_automatic_login
++ - sshd_do_not_permit_user_env
++ - account_temp_expire_date
++ - accounts_passwords_pam_faillock_deny
++ - accounts_passwords_pam_faillock_interval
++ - accounts_passwords_pam_faillock_unlock_time
++ - accounts_passwords_pam_faillock_deny_root
++ - accounts_max_concurrent_login_sessions
++ - dconf_gnome_screensaver_lock_enabled
++ - configure_bashrc_exec_tmux
++ - no_tmux_in_shells
++ - dconf_gnome_screensaver_idle_delay
++ - configure_tmux_lock_after_time
++ - accounts_password_pam_ucredit
++ - accounts_password_pam_lcredit
++ - accounts_password_pam_dcredit
++ - accounts_password_pam_maxclassrepeat
++ - accounts_password_pam_maxrepeat
++ - accounts_password_pam_minclass
++ - accounts_password_pam_difok
++ - accounts_password_set_min_life_existing
++ - accounts_minimum_age_login_defs
++ - accounts_maximum_age_login_defs
++ - accounts_password_set_max_life_existing
++ - accounts_password_pam_unix_remember
++ - accounts_password_pam_minlen
++ - accounts_password_minlen_login_defs
++ - account_disable_post_pw_expiration
++ - accounts_password_pam_ocredit
++ - sssd_offline_cred_expiration
++ - accounts_logon_fail_delay
++ - display_login_attempts
++ - sshd_print_last_log
++ - accounts_umask_etc_login_defs
++ - accounts_umask_interactive_users
++ - accounts_umask_etc_bashrc
++ - rsyslog_cron_logging
++ - auditd_data_retention_action_mail_acct
++ - postfix_client_configure_mail_alias
++ - auditd_data_disk_error_action
++ - auditd_data_retention_max_log_file_action
++ - auditd_data_disk_full_action
++ - auditd_local_events
++ - auditd_name_format
++ - auditd_log_format
++ - file_permissions_var_log_audit
++ - directory_permissions_var_log_audit
++ # - audit_rules_immutable
++ # - audit_immutable_login_uids
++ # - audit_rules_usergroup_modification_shadow
++ # - audit_rules_usergroup_modification_opasswd
++ # - audit_rules_usergroup_modification_passwd
++ # - audit_rules_usergroup_modification_gshadow
++ # - audit_rules_usergroup_modification_group
++ # - audit_rules_login_events_lastlog
++ - grub2_audit_argument
++ - grub2_audit_backlog_limit_argument
++ - configure_usbguard_auditbackend
++ - package_rsyslog_installed
++ - package_rsyslog-gnutls_installed
++ - rsyslog_remote_loghost
++ # this rule expects configuration in MB instead percentage as how STIG demands
++ # - auditd_data_retention_space_left
++ - auditd_data_retention_space_left_action
++ # remediation fails because default configuration file contains pool instead of server keyword
++ - chronyd_or_ntpd_set_maxpoll
++ - chronyd_client_only
++ - chronyd_no_chronyc_network
++ - package_telnet-server_removed
++ - package_abrt_removed
++ - package_abrt-addon-ccpp_removed
++ - package_abrt-addon-kerneloops_removed
++ - package_abrt-addon-python_removed
++ - package_abrt-cli_removed
++ - package_abrt-plugin-logger_removed
++ - package_abrt-plugin-rhtsupport_removed
++ - package_abrt-plugin-sosreport_removed
++ - package_sendmail_removed
++ # - package_gssproxy_removed
++ - grub2_pti_argument
++ - package_rsh-server_removed
++ - kernel_module_atm_disabled
++ - kernel_module_can_disabled
++ - kernel_module_sctp_disabled
++ - kernel_module_tipc_disabled
++ - kernel_module_cramfs_disabled
++ - kernel_module_firewire-core_disabled
++ - configure_firewalld_ports
++ - service_autofs_disabled
++ - kernel_module_usb-storage_disabled
++ - service_firewalld_enabled
++ - package_firewalld_installed
++ - wireless_disable_interfaces
++ - kernel_module_bluetooth_disabled
++ - mount_option_dev_shm_nodev
++ - mount_option_dev_shm_nosuid
++ - mount_option_dev_shm_noexec
++ - mount_option_tmp_nodev
++ - mount_option_tmp_nosuid
++ - mount_option_tmp_noexec
++ - mount_option_var_log_nodev
++ - mount_option_var_log_nosuid
++ - mount_option_var_log_noexec
++ - mount_option_var_log_audit_nodev
++ - mount_option_var_log_audit_nosuid
++ - mount_option_var_log_audit_noexec
++ - mount_option_var_tmp_nodev
++ - mount_option_var_tmp_nosuid
++ - mount_option_var_tmp_noexec
++ - package_openssh-server_installed
++ - service_sshd_enabled
++ - sshd_rekey_limit
++ - ssh_client_rekey_limit
++ - disable_ctrlaltdel_reboot
++ - dconf_gnome_disable_ctrlaltdel_reboot
++ - disable_ctrlaltdel_burstaction
++ - service_debug-shell_disabled
++ - package_tftp-server_removed
++ - accounts_no_uid_except_zero
++ - sysctl_net_ipv4_conf_default_accept_redirects
++ - sysctl_net_ipv6_conf_default_accept_redirects
++ - sysctl_net_ipv4_conf_all_send_redirects
++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++ - sysctl_net_ipv4_conf_all_accept_source_route
++ - sysctl_net_ipv6_conf_all_accept_source_route
++ - sysctl_net_ipv4_conf_default_accept_source_route
++ - sysctl_net_ipv6_conf_default_accept_source_route
++ - sysctl_net_ipv4_ip_forward
++ - sysctl_net_ipv6_conf_all_accept_ra
++ - sysctl_net_ipv6_conf_default_accept_ra
++ - sysctl_net_ipv4_conf_default_send_redirects
++ - sysctl_net_ipv4_conf_all_accept_redirects
++ - sysctl_net_ipv6_conf_all_accept_redirects
++ - sysctl_kernel_unprivileged_bpf_disabled
++ - sysctl_kernel_yama_ptrace_scope
++ - sysctl_kernel_kptr_restrict
++ - sysctl_user_max_user_namespaces
++ - sysctl_net_ipv4_conf_all_rp_filter
++ # /etc/postfix/main.cf does not exist on default installation resulting in error during remediation
++ # there needs to be a new platform check to identify when postfix is installed or not
++ # - postfix_prevent_unrestricted_relay
++ - aide_verify_ext_attributes
++ - aide_verify_acls
++ # - package_xorg-x11-server-common_removed
++ - sshd_disable_x11_forwarding
++ - sshd_x11_use_localhost
++ - tftpd_uses_secure_mode
++ - package_vsftpd_removed
++ - package_iprutils_removed
++ - package_tuned_removed
++ - require_emergency_target_auth
++ - require_singleuser_auth
++ - set_password_hashing_algorithm_systemauth
++ - dir_perms_world_writable_sticky_bits
++ - package_aide_installed
++ - aide_scan_notification
++ - install_smartcard_packages
++ - sshd_disable_kerb_auth
++ - sshd_disable_gssapi_auth
++ - accounts_user_dot_no_world_writable_programs
++ - network_configure_name_resolution
++ - dir_perms_world_writable_root_owned
++ - package_tmux_installed
++ - configure_tmux_lock_command
++ - accounts_password_pam_retry
++ - sssd_enable_smartcards
++ - no_empty_passwords
++ - sshd_disable_empty_passwords
++ - file_ownership_var_log_audit
++ # - audit_rules_sysadmin_actions
++ - package_audit_installed
++ - service_auditd_enabled
++ - sshd_allow_only_protocol2
++ - package_fapolicyd_installed
++ - service_fapolicyd_enabled
++ - package_usbguard_installed
++ - service_usbguard_enabled
++ - network_sniffer_disabled
+diff --git a/almalinux8/transforms/cci2html.xsl b/almalinux8/transforms/cci2html.xsl
+new file mode 100644
+index
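Review bot: Several audit selections in stig.profile are commented out with no reason given: `# - audit_rules_immutable`, `# - audit_immutable_login_uids`, the five `# - audit_rules_usergroup_modification_*` entries, `# - audit_rules_login_events_lastlog` and, near the end, `# - audit_rules_sysadmin_actions`. Other disabled rules in the same list carry an explanation (the `auditd_data_retention_space_left` and `postfix_prevent_unrestricted_relay` comments), so a scan against a profile titled 'DISA STIG for AlmaLinux 8' can pass without these audit controls and nothing in the file says why. Each should get a one-line reason in the same style, for example `# disabled: <reason> (see <issue-ref>)`. Separately, `var_password_pam_minlen=15` and `service_auditd_enabled` each appear twice in the selections, and the second occurrence of each can be dropped.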
00000000..59d708ad
+--- /dev/null
++++ b/almalinux8/transforms/cci2html.xsl
+@@ -0,0 +1,6 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cci="https://public.cyber.mil/stigs/cci">
++
++<xsl:include href="../../shared/transforms/shared_cci2html.xsl"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/constants.xslt b/almalinux8/transforms/constants.xslt
+new file mode 100644
+index 00000000..35d34c80
+--- /dev/null
++++ b/almalinux8/transforms/constants.xslt
+@@ -0,0 +1,21 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:include href="../../shared/transforms/shared_constants.xslt"/>
++
++<xsl:variable name="product_long_name">AlmaLinux 8</xsl:variable>
++<xsl:variable name="product_short_name">AL8</xsl:variable>
++<xsl:variable name="product_stig_id_name">>AL_8_STIG</xsl:variable>
++<xsl:variable name="prod_type">almalinux8</xsl:variable>
++
++<xsl:variable name="cisuri">empty</xsl:variable>
++<xsl:variable name="product_guide_id_name">AL-8</xsl:variable>
++<xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
++<xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
++
++<!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
++<!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
++
++<!-- Define URI for custom policy reference which can be used for linking to corporate policy -->
++<!--xsl:variable name="custom-ref-uri">https://www.example.org</xsl:variable-->
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/shorthand2xccdf.xslt b/almalinux8/transforms/shorthand2xccdf.xslt
+new file mode 100644
+index 00000000..e017cf6f
+--- /dev/null
++++ b/almalinux8/transforms/shorthand2xccdf.xslt
+@@ -0,0 +1,8 @@
++<xsl:stylesheet version="1.0"
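Review bot: In constants.xslt the `product_stig_id_name` variable has a stray `>` inside its value: the line reads `<xsl:variable name="product_stig_id_name">>AL_8_STIG</xsl:variable>`, so the variable evaluates to `>AL_8_STIG` rather than `AL_8_STIG`. A bare `>` is legal in XML text, so the stylesheet still parses and the bad value would only show up in generated STIG-format output that uses this identifier. The line should be `<xsl:variable name="product_stig_id_name">AL_8_STIG</xsl:variable>`.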
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:import href="../../shared/transforms/shared_shorthand2xccdf.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:param name="ssg_version">unknown</xsl:param>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/table-add-srgitems.xslt b/almalinux8/transforms/table-add-srgitems.xslt
+new file mode 100644
+index 00000000..0212f13d
+--- /dev/null
++++ b/almalinux8/transforms/table-add-srgitems.xslt
+@@ -0,0 +1,7 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:cci="https://public.cyber.mil/stigs/cci">
++
++<xsl:include href="../../shared/transforms/shared_table-add-srgitems.xslt"/>
++<xsl:variable name="srgtable" select="document('../output/table-almalinux8-srgmap-flat.xhtml')/html/body/table" />
++<xsl:variable name="cci_list" select="document('../../shared/references/disa-cci-list.xml')/cci:cci_list" />
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/table-sortbyref.xslt b/almalinux8/transforms/table-sortbyref.xslt
+new file mode 100644
+index 00000000..bd97ee1c
+--- /dev/null
++++ b/almalinux8/transforms/table-sortbyref.xslt
+@@ -0,0 +1,6 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_table-sortbyref.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/table-srgmap.xslt b/almalinux8/transforms/table-srgmap.xslt
+new file mode 100644
+index 00000000..23c2f60a
+--- /dev/null
++++ b/almalinux8/transforms/table-srgmap.xslt
+@@ -0,0 +1,11 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:include href="../../shared/transforms/shared_table-srgmap.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++<xsl:variable name="items" select="document($map-to-items)//*[cdf:reference]" />
++<xsl:variable name="title" select="document($map-to-items)/cdf:Benchmark/cdf:title" />
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/table-style.xslt b/almalinux8/transforms/table-style.xslt
+new file mode 100644
+index 00000000..218d0f75
+--- /dev/null
++++ b/almalinux8/transforms/table-style.xslt
+@@ -0,0 +1,5 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:import href="../../shared/transforms/shared_table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf-apply-overlay-stig.xslt b/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+new file mode 100644
+index 00000000..38b354af
+--- /dev/null
++++ b/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
++
++<xsl:include href="../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" />
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2stigformat.xslt b/almalinux8/transforms/xccdf2stigformat.xslt
+new file mode 100644
+index 00000000..5421604f
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2stigformat.xslt
+@@ -0,0 +1,7 @@
++<?xml version="1.0"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/elements/1.1/" exclude-result-prefixes="cdf">
++
++<xsl:include href="../../shared/transforms/shared_xccdf2stigformat.xslt"/>
++<xsl:include href="constants.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-byref.xslt b/almalinux8/transforms/xccdf2table-byref.xslt
+new file mode 100644
+index 00000000..88a53f50
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-byref.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-byref.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-cce.xslt b/almalinux8/transforms/xccdf2table-cce.xslt
+new file mode 100644
+index 00000000..1ffb2221
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-cce.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-cce.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-profileanssirefs.xslt b/almalinux8/transforms/xccdf2table-profileanssirefs.xslt
+new file mode 100644
+index 00000000..b790974c
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-profileanssirefs.xslt
+@@ -0,0 +1,8 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-profileanssirefs.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-profileccirefs.xslt b/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+new file mode 100644
+index 00000000..5a104d95
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-profilecisrefs.xslt b/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
+new file mode 100644
+index 00000000..92cbdf9b
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-profilecisrefs.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt b/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
+new file mode 100644
+index 00000000..7596f8b4
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
+@@ -0,0 +1,8 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-profilenistrefs-cui.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-profilenistrefs.xslt b/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
+new file mode 100644
+index 00000000..8e97c333
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
+@@ -0,0 +1,8 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../shared/transforms/shared_xccdf2table-profilenistrefs.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/almalinux8/transforms/xccdf2table-stig.xslt b/almalinux8/transforms/xccdf2table-stig.xslt
+new file mode 100644
+index 00000000..2fb56fa7
+--- /dev/null
++++ b/almalinux8/transforms/xccdf2table-stig.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> ++ ++<xsl:import href="../../shared/transforms/shared_xccdf2table-stig.xslt"/> ++ ++<xsl:include href="constants.xslt"/> ++<xsl:include href="table-style.xslt"/> ++ ++</xsl:stylesheet> +diff --git a/build_product b/build_product +index 9bf76b4a..98be5bb9 100755 +--- a/build_product ++++ b/build_product +@@ -268,6 +268,7 @@ set_explict_build_targets() { + # Get this using + # grep 'option(SSG_PRODUCT' CMakeLists.txt | sed -e 's/option(SSG_PRODUCT_\(\w\+\).*/\1/' + all_cmake_products=( ++ ALMALINUX8 + CHROMIUM + DEBIAN9 + DEBIAN10 +diff --git a/controls/anssi.yml b/controls/anssi.yml +index 9e3cf015..96a0467a 100644 +--- a/controls/anssi.yml ++++ b/controls/anssi.yml +@@ -125,7 +125,7 @@ controls: + automated: yes + rules: + - security_patches_up_to_date +-{{% if product in ['fedora', 'ol8', 'rhel8'] %}} ++{{% if product in ['fedora', 'ol8', 'rhel8', 'almalinux8'] %}} + - package_dnf-automatic_installed + - timer_dnf-automatic_enabled + # Configure dnf-automatic to Install Available Updates Automatically +@@ -169,7 +169,7 @@ controls: + - id: R12 + level: intermediary + title: Partitioning type +- notes: >- ++ notes: >- + The rule for the /proc file system is not implemented + automated: partially + rules: +@@ -257,7 +257,7 @@ controls: + If the public key of a repository is not installed, the repo is not trusted. 
+ automated: partially + rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +@@ -522,7 +522,7 @@ controls: + - sysctl_kernel_perf_event_max_sample_rate + - sysctl_kernel_perf_cpu_time_max_percent + +- ++ + - id: R24 + level: enhanced + title: Disabling the loading of kernel modules +@@ -750,7 +750,7 @@ controls: + - rsyslog_remote_loghost + + # Derived from DAT-NT-012 R12 +-{{% if product in ['fedora', 'ol8', 'rhel8'] %}} ++{{% if product in ['fedora', 'ol8', 'rhel8', 'almalinux8'] %}} + - package_rsyslog-gnutls_installed + - rsyslog_remote_tls + - rsyslog_remote_tls_cacert +diff --git a/docs/manual/developer/06_contributing_with_content.md b/docs/manual/developer/06_contributing_with_content.md +index c23a1467..bfc57670 100644 +--- a/docs/manual/developer/06_contributing_with_content.md ++++ b/docs/manual/developer/06_contributing_with_content.md +@@ -771,9 +771,7 @@ means: + > **Important** + > + > The minimum version of Ansible must be at the latest supported +-> version. See +-> <https://access.redhat.com/support/policy/updates/ansible-engine> for +-> information on the supported Ansible versions. ++> version. + + Ansible remediations are either: + +@@ -1805,7 +1803,7 @@ where *LANG* should be the language identifier in lower case, e.g. + 3) Create a file called `template.yml` within the template directory. This file + stores template metadata. Currently, it stores list of supported languages. Note + that each language listed in this file must have associated implementation +-file with the *.template* extension, see above. ++file with the *.template* extension, see above. 
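Review bot: In the `@@ -257,7 +257,7 @@` hunk of controls/anssi.yml the rule list swaps `ensure_redhat_gpgkey_installed` for `ensure_almalinux_gpgkey_installed` unconditionally, whereas the other hunks in this file only extend the `{{% if product in [...] %}}` lists with 'almalinux8'. The controls file appears to be shared by every product that builds an ANSSI profile, so any RHEL, Fedora or OL content still built from this tree would stop selecting its own vendor-key rule and would instead reference the AlmaLinux one. Guarding the new entry the way the file already does elsewhere keeps both: put `- ensure_almalinux_gpgkey_installed` under `{{% if product in ['almalinux8'] %}}` and keep the original `- ensure_redhat_gpgkey_installed` in an `{{% else %}}` branch. The control's id and the start of its definition are outside the hunk.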
+ + An example can look like this: + +diff --git a/docs/manual/developer_guide.adoc b/docs/manual/developer_guide.adoc +index 91ea609b..d2b8a9e2 100644 +--- a/docs/manual/developer_guide.adoc ++++ b/docs/manual/developer_guide.adoc +@@ -1306,7 +1306,7 @@ Remediations also carry metadata that should be present at the beginning of the + + ==== Ansible + +-IMPORTANT: The minimum version of Ansible must be at the latest supported version. See https://access.redhat.com/support/policy/updates/ansible-engine for information on the supported Ansible versions. ++IMPORTANT: The minimum version of Ansible must be at the latest supported version. + + Ansible remediations are either: + +@@ -1846,7 +1846,7 @@ _package_installed_ directory: + 2) Create a file called _template.yml_ within the template directory. This file + stores template metadata. Currently, it stores list of supported languages. Note + that each language listed in this file must have associated implementation +-file with the _.template_ extension, see above. ++file with the _.template_ extension, see above. + + An example can look like this: + +@@ -1897,7 +1897,7 @@ def preprocess(data, lang): + + ==== Filters + +-You can use Jinja macros and Jinja filters in the template code. ComplianceAsCode support all built-in Jinja link:https://jinja.palletsprojects.com/en/2.11.x/templates/#builtin-filters[filters]. ++You can use Jinja macros and Jinja filters in the template code. ComplianceAsCode support all built-in Jinja link:https://jinja.palletsprojects.com/en/2.11.x/templates/#builtin-filters[filters]. 
+ + There are also some custom filters useful for content authoring defined in the project: + +diff --git a/docs/manual/user_guide.adoc b/docs/manual/user_guide.adoc +index 67a1ce87..b45fd4f9 100644 +--- a/docs/manual/user_guide.adoc ++++ b/docs/manual/user_guide.adoc +@@ -261,7 +261,7 @@ yum -y remove xinetd + fi + + # generated: 2013-07-05T13:56:30-04:00 +-# END OF SCRIPT ++# END OF SCRIPT + ---- + + This output could be redirected to a bash script, or built into your RHEL7 provisioning process (e.g. the %post section of a kickstart). +@@ -271,7 +271,7 @@ This output could be redirected to a bash script, or built into your RHEL7 provi + ComplianceAsCode embeds ansible remediation scripts into the SCAP content. This allows for SCAP compatible tools to extract these remediation scripts to aide in potential remediation of system misconfigurations. When using OpenSCAP with + Ansible, it is advisable to use the playbooks from https://github.com/RedHatOfficial. These playbooks are generated from the ComplianceAsCode project and are also available on Ansible Galaxy. + +-IMPORTANT: The minimum version of Ansible must be at the latest supported version. See https://access.redhat.com/support/policy/updates/ansible-engine for information on the supported Ansible versions. ++IMPORTANT: The minimum version of Ansible must be at the latest supported version. + + ## Content Notes + +@@ -641,4 +641,3 @@ Once the above options are set, return to the SCC main screen by entering 0. 
+ Logs, if any, are located in the following directory: + /opt/scc/Logs + ---- +- +diff --git a/firefox/guide/firefox/installed_firefox_version_supported/rule.yml b/firefox/guide/firefox/installed_firefox_version_supported/rule.yml +index 9f9c0438..239b09ff 100644 +--- a/firefox/guide/firefox/installed_firefox_version_supported/rule.yml ++++ b/firefox/guide/firefox/installed_firefox_version_supported/rule.yml +@@ -3,10 +3,9 @@ documentation_complete: true + title: 'Supported Version of Firefox Installed' + + description: |- +- If the system is joined to the Red Hat Network, a Red Hat Satellite Server, +- or a yum server, run the following command to install updates: ++ If the AlmaLinux repos available, run the following command to install updates: + <pre>$ sudo yum update</pre> +- If the system is not configured to use one of these sources, updates (in the form of RPM packages) ++ If the system is not configured to use repos, updates (in the form of RPM packages) + can be manually downloaded and installed using <tt>rpm</tt>. + + rationale: |- +@@ -25,13 +24,9 @@ references: + ocil_clause: 'it is not updated' + + ocil: |- +- If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or +- a yum server which provides updates, invoking the following command will ++ If the AlmaLinux repos available, invoking the following command will + indicate if updates are available: + <pre>$ sudo yum check-update</pre> +- If the system is not configured to update from one of these sources, ++ If the system is not configured to use repos, + run the following command to list when each package was last updated: + <pre>$ rpm -qa -last</pre> +- Compare this to Red Hat Security Advisories (RHSA) listed at +- {{{ weblink(link="https://access.redhat.com/security/updates/active/") }}} +- to determine if the system is missing applicable updates. 
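Review bot: The `ocil` text in the second hunk of firefox/.../installed_firefox_version_supported/rule.yml now ends at `rpm -qa -last` with nothing to compare the package dates against, because the advisory sentence was deleted rather than replaced. An auditor following the manual check can no longer decide whether an update is missing, which is the point of the rule. The same deletion is made in the second hunk of jre/guide/java/java_jre_updated/rule.yml. A replacement sentence such as `Compare this to the security advisories published for AlmaLinux to determine if the system is missing applicable updates.` would restore the criterion. The new wording "If the AlmaLinux repos available" in both files is also missing "are".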
+diff --git a/jre/guide/java/java_jre_updated/rule.yml b/jre/guide/java/java_jre_updated/rule.yml
+index 80dd2b0d..b9468b59 100644
+--- a/jre/guide/java/java_jre_updated/rule.yml
++++ b/jre/guide/java/java_jre_updated/rule.yml
+@@ -3,10 +3,9 @@ documentation_complete: true
+ title: 'Ensure Java Patches Installed'
+
+ description: |-
+- If the system is joined to the Red Hat Network, a Red Hat Satellite Server,
+- or a yum server, run the following command to install updates:
++ If the AlmaLinux repos available, run the following command to install updates:
+ <pre>$ sudo yum update</pre>
+- If the system is not configured to use one of these sources, updates (in the form of RPM packages)
++ If the system is not configured to use repos, updates (in the form of RPM packages)
+ can be manually downloaded and installed using <tt>rpm</tt>.
+ <br /><br />
+ NOTE: U.S. Defense systems are required to be patched within 30 days or sooner as local policy
+@@ -27,13 +26,9 @@ references:
+ ocil_clause: 'it is not updated'
+
+ ocil: |-
+- If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or
+- a yum server which provides updates, invoking the following command will
++ If the AlmaLinux repos available, invoking the following command will
+ indicate if updates are available:
+ <pre>$ sudo yum check-update</pre>
+- If the system is not configured to update from one of these sources,
++ If the system is not configured to update from repos,
+ run the following command to list when each package was last updated:
+ <pre>$ rpm -qa -last</pre>
+- Compare this to Red Hat Security Advisories (RHSA) listed at
+- {{{ weblink(link="https://access.redhat.com/security/updates/active/") }}}
+- to determine if the system is missing applicable updates.
+diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +index 5b819d0e..ef13f4c8 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Check Avahi Responses'' TTL Field' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +index f0857b6b..8fcbf788 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Serve Avahi Only via Required Protocol' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +index 24fad07e..ab319bc7 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Prevent Other Programs from Using Avahi''s Port' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +index 9df0b4a8..18067062 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml ++++ 
b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Restrict Information Published by Avahi' + +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index f3f08de8..9c3bf646 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml +index 03f8a5b6..80977a05 100644 +--- a/linux_os/guide/services/base/package_abrt_removed/rule.yml ++++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall Automatic Bug Reporting Tool (abrt)' + +@@ -25,7 +25,7 @@ identifiers: + + references: + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040001 ++ stigid@almalinux8: RHEL-08-040001 + + {{{ complete_ocil_entry_package(package="abrt") }}} + +diff --git a/linux_os/guide/services/base/package_psacct_installed/rule.yml b/linux_os/guide/services/base/package_psacct_installed/rule.yml +index ea782f25..cb15ad27 100644 +--- a/linux_os/guide/services/base/package_psacct_installed/rule.yml ++++ b/linux_os/guide/services/base/package_psacct_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + 
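Review bot: The `references` hunk of package_abrt_removed/rule.yml renames the key `stigid@rhel8` to `stigid@almalinux8` instead of adding a second key, while `prodtype` in the same file still lists rhel8. If rhel8 content is still built from this tree, that product presumably loses its STIG reference for this rule. The same rename appears in service_kdump_disabled/rule.yml and service_fapolicyd_enabled/rule.yml. I would keep the original line and add `stigid@almalinux8: RHEL-08-040001` beside it. The value is still a RHEL 8 STIG identifier, so a short comment that AlmaLinux reuses the RHEL 8 numbering would help anyone reading a scan report.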
title: 'Install the psacct package' + +diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +index ce181075..87db8aa4 100644 +--- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Automatic Bug Reporting Tool (abrtd)' + +diff --git a/linux_os/guide/services/base/service_acpid_disabled/rule.yml b/linux_os/guide/services/base/service_acpid_disabled/rule.yml +index a621333d..a8ce2991 100644 +--- a/linux_os/guide/services/base/service_acpid_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_acpid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Advanced Configuration and Power Interface (acpid)' + +diff --git a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +index 42439eee..65e2e594 100644 +--- a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Certmonger Service (certmonger)' + +diff --git a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +index 29a0739d..fcc9db55 100644 +--- a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Cockpit Management Server' + 
+diff --git a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +index fe5078d6..7a00f657 100644 +--- a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable CPU Speed (cpupower)' + +diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +index 1f6a233e..9f3a4d6b 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda ++++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + kdump --disable +diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +index 86767100..cc578e28 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Disable KDump Kernel Crash Analyzer (kdump)' + +@@ -39,7 +39,7 @@ references: + iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 + cis-csc: 11,12,14,15,3,8,9 + ospp: FMT_SMF_EXT.1.1 +- stigid@rhel8: RHEL-08-010670 ++ stigid@almalinux8: RHEL-08-010670 + + ocil: '{{{ ocil_service_disabled(service="kdump") }}}' + +diff --git a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml 
b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +index a14cb978..da0c18e8 100644 +--- a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Software RAID Monitor (mdmonitor)' + +diff --git a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +index 2e32fcf4..b35e3062 100644 +--- a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Network Console (netconsole)' + +diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +index 02fd4cc6..328da0cf 100644 +--- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable ntpdate Service (ntpdate)' + +diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +index da8c5865..b1d4befc 100644 +--- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Odd Job Daemon (oddjobd)' + +diff --git a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml 
b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +index 0ae4f00c..96f05d70 100644 +--- a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Portreserve (portreserve)' + +diff --git a/linux_os/guide/services/base/service_psacct_enabled/rule.yml b/linux_os/guide/services/base/service_psacct_enabled/rule.yml +index 0c582bda..0dd1c428 100644 +--- a/linux_os/guide/services/base/service_psacct_enabled/rule.yml ++++ b/linux_os/guide/services/base/service_psacct_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable Process Accounting (psacct)' + +diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +index 687a819a..a47a1438 100644 +--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Apache Qpid (qpidd)' + +diff --git a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +index cbd83ab7..1b6c1806 100644 +--- a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Quota Netlink (quota_nld)' + +diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +index bcfa10d7..3dc3799f 100644 +--- 
a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +index a5c78935..22796122 100644 +--- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Red Hat Network Service (rhnsd)' + +diff --git a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +index 3acc9a0c..9e6cc04d 100644 +--- a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Red Hat Subscription Manager Daemon (rhsmcertd)' + +diff --git a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +index a8c48a10..91d70c7c 100644 +--- a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Cyrus SASL Authentication Daemon (saslauthd)' + +diff --git a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +index 9b396b05..d3b53adb 100644 +--- 
a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable System Statistics Reset Service (sysstat)' + +diff --git a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +index d1a26acf..2b61199d 100644 +--- a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml ++++ b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable anacron Service' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index d7a896ff..6c0628c3 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index a3ca2c29..fff0592b 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index 
83811a39..a884eb16 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index addec776..63ed93c2 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index 62a78df1..9d9de9f2 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index 74c10593..ed529289 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Group Who Owns Crontab' + +diff --git 
a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index 1f3f68d0..e576f872 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index eec5ce2d..fb70aafb 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index 83bd10c8..78da5346 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index d9d6b201..a39b7d17 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on cron.monthly' + 
+diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index 5242eebb..af54e05d 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index 6b21ec40..6bd97ce0 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index ea2167ed..a8eb6044 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index 7592cf9b..11e57aca 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + 
+ title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index fd7d6cea..9471087d 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index bde17ff1..b7d705ea 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index 94fc9508..8f1cafe0 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index aa013fa7..d34bb711 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ 
b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index b1014ca8..86672db5 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index 56afe264..90251231 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +index b1d800fe..e5afc5ac 100644 +--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: 
fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable At Service (atd)' + +diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index 37b6f9a7..21e6aa92 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +index a4b21993..454e8335 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Logging' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +index 60d78d25..e440c66d 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Deny BOOTP Queries' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +index ff1bb2ab..ae9809c7 100644 +--- 
a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Deny Decline Messages' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +index 5bdfc859..51f19a17 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Do Not Use Dynamic DNS' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +index 64fea96b..47089e6e 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable DHCP Client in ifcfg' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +index 42273fd5..649e02ef 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 
+ + title: 'Uninstall DHCP Server Package' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index 007dc178..68563051 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +index 48a25265..89f8ef7d 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Uninstall bind Package' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index d371769b..99ebf7ac 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml +index b87046b2..8c06bcf5 100644 +--- 
a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml
++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Authenticate Zone Transfers'
+
+diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml
+index 175cc987..a271f9e8 100644
+--- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml
++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Dynamic Updates'
+
+diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml
+index 05aa2344..8c441644 100644
+--- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml
++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Zone Transfers from the Nameserver'
+
+diff --git a/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml
+index 443372d6..dcfc3fbc 100644
+--- a/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml
++++ b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Ensure SELinux 
support is enabled in Docker'
+
+diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+index 5869cac7..9c73f25a 100644
+--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
++++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol8,rhel8
++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8
+
+ title: 'Install fapolicyd Package'
+
+diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+index 44b97a8d..747727f7 100644
+--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
++++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhcos4,ol8,rhel8
++prodtype: rhcos4,ol8,rhel8,almalinux8
+
+ title: 'Enable the File Access Policy Service'
+
+@@ -22,7 +22,7 @@ references:
+ nist: CM-6(a),SI-4(22)
+ ospp: FMT_SMF_EXT.1
+ srg: SRG-OS-000370-GPOS-00155
+- stigid@rhel8: RHEL-08-040135
++ stigid@almalinux8: RHEL-08-040135
+
+ ocil_clause: 'the service is not enabled'
+
+diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+index dc7d79af..03371112 100644
+--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
++++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Uninstall vsftpd Package'
+
+@@ -28,7 +28,7 @@ references:
+ cobit5: 
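Review bot: The `stigid@rhel8` key in the `references:` hunk of service_fapolicyd_enabled/rule.yml is renamed to `stigid@almalinux8` rather than kept with the new key added beside it, so a RHEL 8 benchmark built from this patched tree would, as far as these lines show, lose the RHEL-08-040135 reference for the rule; the same replacement is made for RHEL-08-040360 in the package_vsftpd_removed hunk that follows. Every `prodtype` line in this patch keeps `rhel8` and appends `almalinux8`, and the references should probably follow that pattern: keep `stigid@rhel8: RHEL-08-040135` and add `stigid@almalinux8: RHEL-08-040135`. The value is a RHEL 8 STIG identifier, so a comment such as `# RHEL 8 STIG ID reused for AlmaLinux 8` would tell an auditor that the AlmaLinux mapping is inherited rather than separately published. The `references:` block starts above the hunk, so other product-scoped keys in it are not visible here.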
BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
+ iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
+ cis-csc: 11,14,3,9
+- stigid@rhel8: RHEL-08-040360
++ stigid@almalinux8: RHEL-08-040360
+
+ {{{ complete_ocil_entry_package(package="vsftpd") }}}
+
+diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
+index 170f7c10..f5f7a79b 100644
+--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable vsftpd Service'
+
+diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml
+index f94beaf6..72143561 100644
+--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Disable FTP Uploads if Possible'
+
+diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml
+index 62818647..6c59fe87 100644
+--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Place the FTP Home Directory on its Own Partition'
+
+diff --git 
a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml
+index 3f9a0e0d..04625628 100644
+--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Enable Logging of All FTP Transactions'
+
+diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml
+index 3590a085..adce7751 100644
+--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8,sle12
++prodtype: fedora,rhel7,rhel8,almalinux8,sle12
+
+ title: 'Create Warning Banners for All FTP Users'
+
+diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml
+index 855536ac..5b586fc7 100644
+--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Restrict Access to Anonymous Users if Possible'
+
+diff --git a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml
+index 7dd28336..b8c71814 100644
+--- 
a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml
++++ b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Install vsftpd Package'
+
+diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml
+index d04d858c..727442b6 100644
+--- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml
++++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Uninstall httpd Package'
+
+diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
+index a9324493..63bc0445 100644
+--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable httpd Service'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
+index bb71b36f..38cbb050 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure Error Log Format'
+
+diff --git 
a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
+index 3a9b317b..e04b503d 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure The Number of Allowed Simultaneous Requests'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
+index 136cd7cc..77021742 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Scan All Uploaded Content for Malicious Software'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
+index 2d0a5c51..8de48bb4 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure firewall to Allow Access to 
the Web Server'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
+index 1d308d43..24bb3080 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Ensure Remote Administrative Access Is Encrypted'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml
+index 2cbde0fa..6f41e4cc 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Set Permissions on the /etc/httpd/conf/ Directory'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml
+index 37e42437..9ab06079 100644
+--- 
a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Set Permissions on the /var/log/httpd/ Directory'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml
+index 45af243c..076664c6 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml
+index 4af25998..19470cb2 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml
++++ 
b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml
+index 26651d59..0b88b0f5 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
+index e09f15a6..8be87c58 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml
+@@ -1,6 +1,6 @@
+ 
documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'HTTPD Log Files Must Be Owned By Root'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
+index e04cdfd5..827288f8 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure HTTP PERL Scripts To Use TAINT Option'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
+index 130a822f..dd60cb4a 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Web Content Directories Must Not Be Shared Anonymously'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
+index 28cab365..226e53e4 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
++++ 
b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Remove Write Permissions From Filesystem Paths And Server Scripts'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
+index 81f39f7b..49ce8bcd 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Anonymous FTP Access'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
+index cb6e4ef5..813459fd 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Ignore HTTPD .htaccess Files'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml
+index fb02b8d4..93de1f84 100644
+--- 
a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Limit Available Methods'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml
+index 2194e268..496484d0 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Restrict Other Critical Directories'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml
+index a02162aa..87ec21b7 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Restrict Root Directory'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml
+index cb5e5231..0f53af52 
100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Restrict Web Directory'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
+index ea7ab8bf..89776d62 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'MIME types for csh or sh shell programs must be disabled'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
+index f324b60e..bc49ebc1 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable HTTPD Error Logging'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
+index e8bb96b2..d3d67773 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable HTTPD LogLevel'
+
+diff 
--git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
+index 33b9a33e..2d953da2 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable HTTPD System Logging'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
+index fcf1c504..b4d29e35 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'The web server password(s) must be entrusted to the SA or Web Manager'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml
+index 97b49e06..47d23073 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Cache Support'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml 
b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml
+index 20ec65bd..34d59440 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable CGI Support'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml
+index 5bef0902..ac5afa64 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable HTTP Digest Authentication'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
+index 250f3ba6..6fbb5909 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ 
title: 'Enable log_config_module For HTTPD Logging'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml
+index 6afbb503..e3e7380a 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable LDAP Support'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml
+index a49a797d..31d622a1 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable MIME Magic'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml
+index e72cd1b1..35f2881e 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml
+@@ 
-1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable HTTP mod_rewrite'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml
+index 49ddb85a..013c1e90 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Proxy Support'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml
+index 59b00d06..d5ed46a4 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Server Activity Status'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml
+index 3b7a1c74..43335230 100644
+--- 
a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Web Server Configuration Display' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +index 119cfb6a..cf8848f9 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Server Side Includes' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +index b11038c3..875c149a 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable URL Correction on Misspelled Entries' + +diff --git 
a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +index 0dbde818..b0ea54ca 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable WebDAV (Distributed Authoring and Versioning)' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +index 8389ba24..a1e675f5 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install mod_security' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +index 4fcb6742..e1802d1e 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml ++++ 
b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable Transport Layer Security (TLS) Encryption' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +index 2fbe3e26..451af3fc 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure A Valid Server Certificate' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +index f845c3e9..46eb5cf8 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install mod_ssl' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml 
b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +index 08429251..113b317d 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Require Client Certificates' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +index 65c10b74..ee0f8eda 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ extension' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +index c0a8e19c..d75e3f3f 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Installation of a compiler on production web server is prohibited' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +index 177fc6b1..7515622f 
100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'A private web server must be located on a separate controlled access subnet' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +index 7b93fe2d..ca9dbde3 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Public web server resources must not be shared with private assets' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +index c26a075a..79294345 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Backup interactive scripts on the production web server are prohibited' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +index 4719ef73..1831de59 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml ++++ 
b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set httpd ServerSignature Directive to Off' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +index 2b03cd50..8e06307b 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set httpd ServerTokens Directive to Prod' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +index f885d2ce..d573f442 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure A Banner Page For Each Website' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +index b3a76b83..de57edf1 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml ++++ 
b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Each Web Content Directory Must Contain An index.html File' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +index ea3b87ed..f75f9612 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Web Content Symbolic Links' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +index f84d6d5c..0773ee07 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Encrypt All File Uploads' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +index 4e519379..62902b85 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml 
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Remove .java And .jpp Files'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
+index cc7c33d1..e585f723 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'The robots.txt Files Must Not Exist'
+
+diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
+index 6d7e27f4..bd29cf0b 100644
+--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Ensure Web Content Located on Separate partition'
+
+diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml
+index d03ccdc5..420b1a6d 100644
+--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml
++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure Dovecot to Use the SSL Certificate file'
+
+diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml
+index 34c4865f..0c1a2b7b 100644
+--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml
++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure Dovecot to Use the SSL Key file'
+
+diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml
+index cd829dd8..cfedf22c 100644
+--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml
++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable Plaintext Authentication'
+
+diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml
+index d88e1120..5744fe45 100644
+--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml
++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the SSL flag in /etc/dovecot.conf'
+
+diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
+index 597cb2cd..9ec62022 100644
+--- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
++++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Uninstall dovecot Package'
+
+diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
+index d4436fe0..35c07c01 100644
+--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable Dovecot Service'
+
+diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/bash/shared.sh b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/bash/shared.sh
+index b411f4fb..c66adbcb 100644
+--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/bash/shared.sh
++++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+
+ rm -f /etc/*.keytab
+diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+index d29370c9..44de2d7e 100644
+--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
++++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+@@ -20,7 +20,7 @@ references:
+ ospp: FTP_ITC_EXT.1
+ srg: SRG-OS-000120-GPOS-00061
+ ism: 0418,1055,1402
+- stigid@rhel8: RHEL-08-010161
++ stigid@almalinux8: RHEL-08-010161
+
+ ocil_clause: 'it is present on the system'
+
+diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
+index 30a9fca8..ad755e59 100644
+--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Remove the Kerberos Server Package'
+
+diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
+index 4aedda80..9a35ccb3 100644
+--- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
++++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhcos4,rhel7,rhel8
++prodtype: rhcos4,rhel7,rhel8,almalinux8
+
+ title: 'Uninstall 389-ds-base Package'
+
+diff --git a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml
+index 75d7b2a6..0d3ba74f 100644
+--- a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the LDAP Client For Use in Authconfig'
+
+diff --git a/linux_os/guide/services/ldap/openldap_client/group.yml b/linux_os/guide/services/ldap/openldap_client/group.yml
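Review bot: In kerberos_disable_no_keytab/rule.yml the `stigid@rhel8` key is renamed to `stigid@almalinux8` rather than a second key being added, so the rule drops its RHEL 8 STIG reference while the AlmaLinux entry carries an identifier taken from the RHEL 8 STIG (`RHEL-08-010161`). If rhel8 content is still built from this tree (not visible here), its reports lose rule-to-STIG traceability for this rule, and AlmaLinux scan results will cite a RHEL STIG ID that an auditor may read as an AlmaLinux-specific control. Keeping both lines, `stigid@rhel8: RHEL-08-010161` and `stigid@almalinux8: RHEL-08-010161`, avoids the first problem, and a short comment above the new key stating that the ID is borrowed from the RHEL 8 STIG addresses the second. The same rename appears in package_sendmail_removed/rule.yml, postfix_client_configure_mail_alias/rule.yml and postfix_prevent_unrestricted_relay/rule.yml; in each case the `references:` mapping starts outside the hunk.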
+index 77a121dd..b6e59025 100644
+--- a/linux_os/guide/services/ldap/openldap_client/group.yml
++++ b/linux_os/guide/services/ldap/openldap_client/group.yml
+@@ -11,12 +11,6 @@ description: |-
+ much control over configuration as manual editing of configuration files. The
+ authconfig tools do not allow you to specify locations of SSL certificate
+ files, which is useful when trying to use SSL cleanly across several protocols.
+- Installation and configuration of OpenLDAP on {{{ full_name }}} is available at
+- {{% if product == "rhel7" %}}
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/openldap.html") }}}.
+- {{% elif product == "ol7" %}}
+- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-s9-auth.html") }}}.
+- {{% endif %}}
+
+ warnings:
+ - general: |-
+diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
+index fbaef339..0e7f24c3 100644
+--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml
+index 1060d079..9037f742 100644
+--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Configure LDAP Client to Use TLS For All Transactions'
+
+diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml
+index 52da6cca..1c513b06 100644
+--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure Certificate Directives for LDAP Use of TLS'
+
+diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+index eb975656..625cbed6 100644
+--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Ensure LDAP client is not installed'
+
+diff --git a/linux_os/guide/services/ldap/openldap_server/group.yml b/linux_os/guide/services/ldap/openldap_server/group.yml
+index c180820e..510d5c6e 100644
+--- a/linux_os/guide/services/ldap/openldap_server/group.yml
++++ b/linux_os/guide/services/ldap/openldap_server/group.yml
+@@ -5,7 +5,3 @@ title: 'Configure OpenLDAP Server'
+ description: |-
+ This section details some security-relevant settings
+ for an OpenLDAP server.
+- {{% if product == "rhel7" %}}
+- Installation and configuration of OpenLDAP on Red Hat Enterprise Linux 7 is available at:
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/openldap.html") }}}.
+- {{% endif %}}
+diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
+index ce08c70d..e39d33a9 100644
+--- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Uninstall openldap-servers Package'
+
+diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+index ed29daa2..c9e90666 100644
+--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
++++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Uninstall Sendmail Package'
+
+@@ -30,7 +30,7 @@ references:
+ cis-csc: 11,14,3,9
+ anssi: BP28(R1)
+ srg: SRG-OS-000480-GPOS-00227
+- stigid@rhel8: RHEL-08-040002
++ stigid@almalinux8: RHEL-08-040002
+
+ {{{ complete_ocil_entry_package(package="sendmail") }}}
+
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
+index ea30438a..2d4412cb 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml
+@@ -31,7 +31,7 @@ references:
+ disa@sle12: CCI-000139
+ nist@sle12: AU-5(a),AU-5.1(ii)
+ anssi: BP28(R49)
+- stigid@rhel8: RHEL-08-030030
++ stigid@almalinux8: RHEL-08-030030
+ srg: SRG-OS-000046-GPOS-00022
+
+ ocil_clause: 'it is not'
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
+index e1c9d00d..df00159e 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
+index 2ef07dd1..13153d5d 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+index b3a9ce8f..94edaf3b 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable Postfix Network Listening'
+
+diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml
+index 3b75cba8..d379051f 100644
+--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml
++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Configure SMTP Greeting Banner'
+
+diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh
+index 20230621..be441dc9 100644
+--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh
++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_ol,multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ if ! grep -q ^smtpd_client_restrictions /etc/postfix/main.cf; then
+ echo "smtpd_client_restrictions = permit_mynetworks,reject" >> /etc/postfix/main.cf
+diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+index 0a3d8188..9bff47f1 100644
+--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019
+
+ title: 'Prevent Unrestricted Mail Relaying'
+
+@@ -25,7 +25,7 @@ references:
+ disa: CCI-000366
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-040680
+- stigid@rhel8: RHEL-08-040290
++ stigid@almalinux8: RHEL-08-040290
+
+ ocil_clause: 'it is not'
+
+diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
+index 6f47a9c2..896bfd3b 100644
+--- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
++++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Enable Postfix Service'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml
+index 2524bf79..e398c312 100644
+--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Disable Network File System Lock Service (nfslock)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+index 841bcaa4..a9f5076c 100644
+--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable rpcbind Service'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml
+index 965d781c..3119d78b 100644
+--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Disable Secure RPC Client Service (rpcgssd)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml
+index 9dded936..672b5bdf 100644
+--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Disable RPC ID Mapping Service (rpcidmapd)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml
+index 322d5924..c93b5d14 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Configure lockd to use static TCP port'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml
+index ca67db92..a1aaad35 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Configure lockd to use static UDP port'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml
+index 7d8839f5..563cd079 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Configure mountd to use static port'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml
+index adcc2e18..c9a2bc06 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Configure statd to use static port'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml
+index 73a0d70b..36a53e46 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Specify UID and GID for Anonymous NFS Connections'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
+index aafb650d..7810022b 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8,sle15
++prodtype: fedora,rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable Network File System (nfs)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml
+index 8699bc19..cd58d4ca 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Disable Secure RPC Server Service (rpcsvcgssd)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
+index c8d08650..f43e094c 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019
+
+ title: 'Mount Remote Filesystems with Kerberos Security'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+index 66f45589..30038812 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Mount Remote Filesystems with nodev'
+
+@@ -24,7 +24,7 @@ references:
+ cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS05.06,DSS06.06
+ iso27001-2013: A.11.2.9,A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.8.2.1,A.8.2.2,A.8.2.3,A.8.3.1,A.8.3.3,A.9.1.2
+ cis-csc: 11,13,14,3,8,9
+- stigid@rhel8: RHEL-08-010640
++ stigid@almalinux8: RHEL-08-010640
+ srg: SRG-OS-000480-GPOS-00227
+
+ ocil_clause: 'the setting does not show'
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+index 4a50d796..5ac95123 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Mount Remote Filesystems with noexec'
+
+@@ -32,7 +32,7 @@ references:
+ iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
+ cis-csc: 12,13,14,15,16,18,3,5
+ stigid@sle12: SLES-12-010820
+- stigid@rhel8: RHEL-08-010630
++ stigid@almalinux8: RHEL-08-010630
+
+ ocil_clause: 'the setting does not show'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+index 695e1a1e..0d34b434 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Mount Remote Filesystems with nosuid'
+
+@@ -30,7 +30,7 @@ references:
+ iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
+ cis-csc: 12,13,14,15,16,18,3,5
+ stigid@sle12: SLES-12-010810
+- stigid@rhel8: RHEL-08-010650
++ stigid@almalinux8: RHEL-08-010650
+
+ ocil_clause: 'the setting does not show'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml
+index daaf44ae..548c4d83 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Ensure Insecure File Locking is Not Allowed'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml
+index 232bf40a..00636b06 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Restrict NFS Clients to Privileged Ports'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml
+index 7b70a652..61f6473a 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Use Kerberos Security on All Exports'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml
+index c5983cbe..0f39d0ff 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+
+ title: 'Use Root-Squashing on All Exports'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
+index ed7373a2..8b632f90 100644
+--- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Uninstall nfs-utils Package'
+
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
+index f6c14e4f..c2a7dfc4 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+
+ # Include source function library
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
+index bf524043..c6bf40d3 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+index 83d1ba0d..e28d3546 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol8,rhel8
++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8
+
+ title: 'Disable chrony daemon from acting as server'
+
+@@ -24,7 +24,7 @@ identifiers:
+ references:
+ ospp: FMT_SMF_EXT.1
+ srg: SRG-OS-000096-GPOS-00050
+- stigid@rhel8: RHEL-08-030741
++ stigid@almalinux8: RHEL-08-030741
+
+ ocil_clause: 'it does not exist or port is set to non-zero value'
+
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
+index 13f20d64..97cfbaae 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+
+ # Include source function library
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
+index 6bb5e59b..f53e242d 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+index d6d776a9..46bf3412 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol8,rhel8
++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8
+
+ title: 'Disable network management of chrony daemon'
+
+@@ -24,7 +24,7 @@ identifiers:
+ references:
+ ospp: FMT_SMF_EXT.1
+ srg: SRG-OS-000096-GPOS-00050
+- stigid@rhel8: RHEL-08-030742
++ stigid@almalinux8: RHEL-08-030742
+
+ ocil_clause: 'it does not exist or port is set to non-zero value'
+
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh
+index b23deffb..a9e4d9ba 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}}
+
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+index 8d12b741..38e88460 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Configure Time Service Maxpoll Interval'
+
+@@ -43,7 +43,7 @@ references:
+ cis-csc: 1,14,15,16,3,5,6
+ stigid@sle12: SLES-12-030300
+ nist@sle12: AU-8(1)(a),AU-8(1)(b)
+- stigid@rhel8: RHEL-08-030740
++ stigid@almalinux8: RHEL-08-030740
+
+ ocil_clause: 'it does not exist or maxpoll has not been set to the expected value'
+
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
+index 9add69d3..944e1865 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_multiple_time_servers") }}}
+
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
+index d64f0308..5199d1b5 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Specify Additional Remote NTP Servers'
+
+@@ -8,14 +8,7 @@ description: |-
+ Depending on specific functional requirements of a concrete
+ production environment, the {{{ full_name }}} system can be
+ configured to utilize the services of the <tt>chronyd</tt> NTP daemon (the
+- default), or services of the <tt>ntpd</tt> NTP daemon. Refer to
+- {{% if product in ["ol7", "ol8"] %}}
+- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-nettime.html") }}}
+- {{% else %}}
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Configuring_NTP_Using_the_chrony_Suite.html") }}}
+- {{% endif %}}
+- for more detailed comparison of the features of both of the choices, and for
+- further guidance how to choose between the two NTP daemons.
++ default), or services of the <tt>ntpd</tt> NTP daemon.
+ <br />
+ Additional NTP servers can be specified for time synchronization. To do so,
+ perform the following:
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
+index 0a3f6364..d0e0610b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_multiple_time_servers") }}}
+
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
+index ff485aeb..4a99e4b8 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Specify a Remote NTP Server'
+
+@@ -8,14 +8,7 @@ description: |-
+ Depending on specific functional requirements of a concrete
+ production environment, the {{{ full_name }}} system can be
+ configured to utilize the services of the <tt>chronyd</tt> NTP daemon (the
+- default), or services of the <tt>ntpd</tt> NTP daemon. 
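Review bot: The `@@ -8,14 +8,7 @@` hunk in chronyd_or_ntpd_specify_multiple_servers/rule.yml deletes the whole `{{% if product in ["ol7", "ol8"] %}}` block, so the pointer to vendor guidance on choosing between chronyd and ntpd disappears for every product that uses this rule, not only for almalinux8. If only the AlmaLinux output should lose the links, wrap the existing text in `{{% if product != "almalinux8" %}}` … `{{% endif %}}` rather than removing it. The same deletion is made in chronyd_or_ntpd_specify_remote_server/rule.yml, ntp/group.yml and service_chronyd_or_ntpd_enabled/rule.yml; the `description:` block begins before each hunk.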
Refer to
+- {{% if product in ["ol7", "ol8"] %}}
+- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-nettime.html") }}}
+- {{% else %}}
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Configuring_NTP_Using_the_chrony_Suite.html") }}}
+- {{% endif %}}
+- for more detailed comparison of the features of both of the choices, and for
+- further guidance how to choose between the two NTP daemons.
++ default), or services of the <tt>ntpd</tt> NTP daemon.
+ <br />
+ To specify a remote NTP server for time synchronization, perform the following:
+ <ul>
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+index e60dd11e..12f4bd92 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
+index 83acc51d..e7695a8c 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ if grep -q 'OPTIONS=.*' /etc/sysconfig/chronyd; then
+ # trying to solve cases where the parameter after OPTIONS
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+index ef986781..93b9f3f2 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,fedora,sle15
++prodtype: rhel7,rhel8,almalinux8,fedora,sle15
+
+ title: 'Ensure that chronyd is running under chrony user account'
+
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
+index 44712c37..4bd3cd36 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
+index 50a57359..49717a28 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
+index 2eda5b94..ed3a7926 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+ echo "" > /etc/chrony.conf
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
+index 4221c059..b27978a4 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+ rm -f /etc/chrony.conf
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
+index 7ca6378d..69a0286e 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+ echo "some line" > /etc/chrony.conf
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
+index d31254c6..7bb31ac7 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+ echo "server 0.pool.ntp.org" > /etc/chrony.conf
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
+index fbe2933f..eea0c083 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
+ echo "server " > /etc/chrony.conf
+diff --git a/linux_os/guide/services/ntp/group.yml b/linux_os/guide/services/ntp/group.yml
+index c5c78696..80e0b9a7 100644
+--- a/linux_os/guide/services/ntp/group.yml
++++ b/linux_os/guide/services/ntp/group.yml
+@@ -48,22 +48,6 @@ description: |-
+ to use broadcast or multicast IP, or to perform authentication of packets with
+ the <tt>Autokey</tt> protocol, should consider using <tt>ntpd</tt>.
+ <br /><br />
+- Refer to
+- {{% if product == "ol7" %}}
+- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-nettime.html") }}}
+- {{% elif product == "rhel7" %}}
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Configuring_NTP_Using_the_chrony_Suite.html") }}}
+- {{% elif "ubuntu" in product %}}
+- {{{ weblink(link="https://help.ubuntu.com/lts/serverguide/NTP.html") }}}
+- {{% elif "debian" in product %}}
+- {{{ weblink(link="https://wiki.debian.org/NTP") }}}
+- {{% else %}}
+- {{{ weblink(link="https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/servers/Configuring_NTP_Using_the_chrony_Suite/") }}}
+- {{% endif %}}
+- for more detailed comparison of features of <tt>chronyd</tt>
+- and <tt>ntpd</tt> daemon features respectively, and for further guidance how to
+- choose between the two NTP daemons.
+- <br /><br />
+ The upstream manual pages at {{{ weblink(link="http://chrony.tuxfamily.org/manual.html") }}} for
+ <tt>chronyd</tt> and {{{ weblink(link="http://www.ntp.org") }}} for <tt>ntpd</tt> provide additional
+ information on the capabilities and configuration of each of the NTP daemons.
+diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
+index b81a539c..2c5a9298 100644
+--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+
+ if rpm -q --quiet chrony ; then
+ if ! /usr/sbin/pidof ntpd ; then
+diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+index 056e3c67..6fce7c93 100644
+--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the NTP Daemon'
+
+@@ -11,13 +11,7 @@ description: |-
+ {{{ ocil_service_enabled(service="ntpd") }}}
+ Note: The <tt>ntpd</tt> daemon is not enabled by default. Though as mentioned
+ in the previous sections in certain environments the <tt>ntpd</tt> daemon might
+- be preferred to be used rather than the <tt>chronyd</tt> one. Refer to:
+- {{% if product in ["ol7", "ol8"] %}}
+- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-nettime.html") }}}
+- {{% else %}}
+- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Configuring_NTP_Using_the_chrony_Suite.html") }}}
+- {{% endif %}}
+- for guidance which NTP daemon to choose depending on the environment used.
++ be preferred to be used rather than the <tt>chronyd</tt> one.
+ + rationale: |- + Enabling some of <tt>chronyd</tt> or <tt>ntpd</tt> services ensures +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +index debbca89..47c4cd60 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Uninstall xinetd Package' + +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +index b89c1092..bc6c622a 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable xinetd Service' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +index c58db2c8..9c73af93 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Remove NIS Client' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +index c5733c0b..ac41f1fb 100644 +--- 
a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Uninstall ypserv Package' + +diff --git a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +index c4b50ed2..c1447093 100644 +--- a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable ypbind Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +index 26b3c514..f65fd861 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +index 49445306..dfaaa718 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019
+
+ title: 'Remove Host-Based Authentication Files'
+
+@@ -31,7 +31,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-040550
+ stigid@sle12: SLES-12-010410
+- stigid@rhel8: RHEL-08-010460
++ stigid@almalinux8: RHEL-08-010460
+
+ ocil_clause: 'these files exist'
+
+diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
+index 7354a691..9f44e331 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
+index d4cc7ef2..64a86cc0 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ find /home -maxdepth 2 -type f -name .rhosts -exec rm -f '{}' \;
+
+ if [ -f /etc/hosts.equiv ]; then
+diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh
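Review bot: In the `references:` hunk of no_host_based_files/rule.yml the `stigid@rhel8` key is renamed to `stigid@almalinux8` instead of an AlmaLinux entry being added beside it, so content built for rhel8 from this tree would presumably no longer carry RHEL-08-010460 for this rule. The same substitution appears in the visible hunks for no_user_host_based_files, package_rsh-server_removed, package_telnet-server_removed, package_tftp-server_removed, tftpd_uses_secure_mode and service_rngd_enabled, while `stigid@rhel7` and `stigid@sle12` are left untouched. If the intent is to add a product rather than replace one, keep the original `stigid@rhel8: RHEL-08-010460` line and add `stigid@almalinux8: RHEL-08-010460` after it. The value is still a RHEL 8 STIG identifier, so a comment such as `# RHEL 8 STIG ID reused for AlmaLinux 8` next to the new key would keep an auditor from reading it as an AlmaLinux-specific control number.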
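Review bot: Adding `multi_platform_almalinux` to the platform line of no_rsh_trust_files/bash/shared.sh extends this remediation to AlmaLinux, and the `find` on the following line only searches `/home` to depth 2, so a `.rhosts` in root's home or in a home directory kept elsewhere would be left in place. The sibling no_host_based_files remediation builds its search list from `df --local` instead; here something like `find /root /home -maxdepth 2 -type f -name .rhosts -exec rm -f '{}' \;` would at least cover root. The script continues past the hunk (the `if [ -f /etc/hosts.equiv ]` block is cut off), so confirm the remaining lines do not already handle this before changing it.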
+index 6e902385..3a6461d6 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh
++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol
+
+ # Identify local mounts
+ MOUNT_LIST=$(df --local | awk '{ print $6 }')
+diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+index efb63862..526ad1c0 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019
+
+ title: 'Remove User Host-Based Authentication Files'
+
+@@ -31,7 +31,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-040540
+ stigid@sle12: SLES-12-010400
+- stigid@rhel8: RHEL-08-010470
++ stigid@almalinux8: RHEL-08-010470
+
+ ocil_clause: 'these files exist'
+
+diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+index 23d30cb5..36bd901e 100644
+--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Uninstall rsh-server Package'
+
+@@ -34,7 +34,7 @@ references: + isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 + cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 + cis-csc: 11,12,14,15,3,8,9 +- stigid@rhel8: RHEL-08-040010 ++ stigid@almalinux8: RHEL-08-040010 + + {{{ complete_ocil_entry_package(package="rsh-server") }}} + +diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +index 5337d256..2e5a14d0 100644 +--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Uninstall rsh Package' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +index 862b6e56..6e5236a8 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable rexec Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +index ef638e5a..13cc744e 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +@@ -1,6 
+1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable rlogin Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +index e061a10d..3adee025 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable rsh Service' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +index 7cac07d9..678e416b 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,rhcos4,sle15 ++prodtype: rhel7,ol7,rhel8,almalinux8,ol8,fedora,rhv4,rhcos4,sle15 + + title: 'Ensure rsyncd service is diabled' + +diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +index fb1760a2..c7fced93 100644 +--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Uninstall talk-server Package' + +diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +index 520bf799..a14f34de 100644 +--- 
a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Uninstall talk Package' + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +index f42bcba1..83852d46 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Uninstall telnet-server Package' + +@@ -44,7 +44,7 @@ references: + isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3 + cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 + cis-csc: 11,12,14,15,3,8,9 +- stigid@rhel8: RHEL-08-040000 ++ stigid@almalinux8: RHEL-08-040000 + + {{{ complete_ocil_entry_package(package="telnet-server") }}} + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +index a541ab5b..a887e7ee 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Remove telnet 
Clients' + +diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +index 38269b98..085136b0 100644 +--- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable telnet Service' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +index 2d0258db..5b0e5d92 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Uninstall tftp-server Package' + +@@ -33,7 +33,7 @@ references: + cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06 + iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 + cis-csc: 11,12,14,15,3,8,9 +- stigid@rhel8: RHEL-08-040190 ++ stigid@almalinux8: RHEL-08-040190 + + {{{ complete_ocil_entry_package(package="tftp-server") }}} + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +index f7a8ba35..55344fb2 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Remove tftp 
Daemon' + +diff --git a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +index 7cd0d99b..17708acd 100644 +--- a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable tftp Service' + +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml +index 359670e3..0192b27e 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 + # reboot = false + # complexity = low + # strategy = configure +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh +index cf090191..e84f7d1d 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 + + . 
/usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +index 24cefbb6..2519abdf 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure tftp Daemon Uses Secure Mode' + +@@ -38,7 +38,7 @@ references: + cobit5: APO01.06,APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.06 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 11,12,13,14,15,16,18,3,5,8,9 +- stigid@rhel8: RHEL-08-040350 ++ stigid@almalinux8: RHEL-08-040350 + + ocil_clause: 'this flag is missing' + +diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +index c28ba338..dcc000e4 100644 +--- a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Printer Browsing Entirely if Possible' + +diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +index 997c4b67..96dab0fc 
100644 +--- a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Print Server Capabilities' + +diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +index 1f731586..a045da73 100644 +--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml ++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable the CUPS Service' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +index 563cad46..62b0a7b4 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall squid Package' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +index 04d0a125..bbc840dc 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Disable Squid' + +diff --git a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml 
b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +index ebaea4ac..e30adcb3 100644 +--- a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml ++++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Remove the FreeRadius Server Package' + +diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +index feebdff4..6567c748 100644 +--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml ++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Enable the Hardware RNG Entropy Gatherer Service' + +@@ -21,7 +21,7 @@ identifiers: + references: + ospp: FCS_RBG_EXT.1 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010471 ++ stigid@almalinux8: RHEL-08-010471 + + ocil_clause: 'the service is not enabled' + +diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +index 13bb7304..d3ca2eea 100644 +--- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml ++++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall quagga Package' + +diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +index ef4a10d1..e60dd79c 100644 +--- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml ++++ 
b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable Quagga Service' + +diff --git a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +index 9c2b065e..55f08c6b 100644 +--- a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Require Client SMB Packet Signing, if using mount.cifs' + +diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +index c83513b1..8efa81c0 100644 +--- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Install the Samba Common Package' + +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +index a6606860..f25b9504 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +index 9e1f01f5..d7d4c265 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + ###################################################################### + #By Luke "Brisk-OH" Brisk + #luke.brisk@boeing.com or luke.brisk@gmail.com +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +index 103130bc..77660a77 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Require Client SMB Packet Signing, if using smbclient' + +diff --git a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +index 0cf80fb6..d9978cea 100644 +--- a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Root Access to SMB Shares' + +diff --git 
a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +index dcf23661..20a5dde3 100644 +--- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Uninstall Samba Package' + +diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +index e5c7587b..1a1cc242 100644 +--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable Samba' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +index 9fefec42..a1cc0101 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Uninstall net-snmp Package' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +index 25483ab0..6447c54a 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml 
++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,rhel7,rhel8,sle15 ++prodtype: debian10,debian9,rhel7,rhel8,almalinux8,sle15 + + title: 'Disable snmpd Service' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh +index 084c8934..c38f2b92 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then + sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +index 6e3dd2c4..455f9912 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Ensure SNMP Read Write is disabled' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +index 4e4f24f3..76e256fe 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml ++++ 
b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 ++# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +index 4271bdc3..abbe006b 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 ++# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 + + . 
/usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +index 1a5c929b..a15bac8a 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Ensure Default SNMP Password Is Not Used' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +index 776652a9..8cce8418 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' + +diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +index 2b443f0d..7782532d 100644 +--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15,rhcos4 + + title: 'Verify Group Who Owns SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +index 
58eee9fa..bb3f95fc 100644 +--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15,rhcos4 + + title: 'Verify Owner on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +index 3abdc399..61620bf5 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,almalinux8,rhv4,sle15,rhcos4 + + title: 'Verify Permissions on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +index 5397a3fd..a3194d48 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +@@ -35,7 +35,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 + cis@rhel8: 5.2.3 +- stigid@rhel8: RHEL-08-010490 ++ stigid@almalinux8: RHEL-08-010490 + + ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/*_key", perms="-rw-r-----") }}}' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +index d49e375d..eef32941 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml ++++ 
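Review bot: In `file_permissions_sshd_private_key/rule.yml` the `stigid@rhel8: RHEL-08-010490` key is replaced by `stigid@almalinux8: RHEL-08-010490` instead of being kept next to it, while the neighbouring `cis@rhel8: 5.2.3` is left alone. Content built for rhel8 from this tree would presumably lose its STIG ID for the rule, and the almalinux8 build would show a STIG ID but no CIS reference; the code that resolves these keys is not visible here, so that needs confirming. I would keep both lines, `stigid@rhel8: RHEL-08-010490` and `stigid@almalinux8: RHEL-08-010490`, and add a comment that the value is the RHEL 8 STIG identifier reused for AlmaLinux, so an auditor does not read it as an AlmaLinux-specific STIG. The same swap appears in the `rule.yml` hunks for file_permissions_sshd_pub_key, service_sshd_enabled (where `prodtype` still lists rhel8), sshd_allow_only_protocol2, sshd_disable_compression, sshd_disable_gssapi_auth, sshd_disable_root_login, sshd_disable_user_known_hosts, sshd_disable_x11_forwarding, sshd_do_not_permit_user_env, sshd_enable_strictmodes, sshd_enable_warning_banner, sshd_print_last_log, sshd_rekey_limit and sshd_set_idle_timeout. The `references:` mapping starts above this hunk.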
b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +@@ -30,7 +30,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 + cis@rhel8: 5.2.4 +- stigid@rhel8: RHEL-08-010480 ++ stigid@almalinux8: RHEL-08-010480 + + ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/*.pub", perms="-rw-r--r--") }}}' + +diff --git a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +index d49b5e58..a948b56c 100644 +--- a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml ++++ b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Remove SSH Server firewalld Firewall exception (Unusual)' + +diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +index 2317d0d3..82475fc9 100644 +--- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'Install OpenSSH client software' + +diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +index 84882d52..76385dcb 100644 +--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 + + title: 'Install the OpenSSH Server Package' + +diff --git a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml +index f866b98a..a0c0217e 100644 +--- a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 + + title: 'Remove the OpenSSH Server Package' + +diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +index 81d63480..5e18df04 100644 +--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Enable the OpenSSH Service' + +@@ -38,7 +38,7 @@ references: + cobit5: APO01.06,DSS05.02,DSS05.04,DSS05.07,DSS06.02,DSS06.06 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 13,14 +- stigid@rhel8: RHEL-08-040160 ++ stigid@almalinux8: RHEL-08-040160 + + ocil: '{{{ ocil_service_enabled(service="sshd") }}}' 
+ +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml +index a9f579ae..d09aa306 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh +index a3b0b3a9..8859fb92 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # put line into the file + echo "setenv SSH_USE_STRONG_RNG 32" > /etc/profile.d/cc-ssh-strong-rng.csh +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +index a2b9bfa3..690daa63 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'SSH client uses strong entropy to seed (for CSH like shells)' + +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml +index d19ee819..2500acf8 100644 
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh +index 07e45f1d..5d3721f9 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # put line into the file + echo "export SSH_USE_STRONG_RNG=32" > /etc/profile.d/cc-ssh-strong-rng.sh +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +index 3de4df0a..c912cee2 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'SSH client uses strong entropy to seed (Bash-like shells)' + +diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +index ad3a41fc..99479ba5 100644 +--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = 
multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml +index 2553a4d2..034183d2 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + # reboot = false + # complexity = low + # strategy = configure +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +index 6e38d595..9a2c544c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable SSH Server firewalld Firewall Exception' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +index 39102e5d..2dcfeeb0 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# 
platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +index 590e96d1..b310e547 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/rule.yml +index fc6175e4..ffc3cbb5 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/rule.yml +@@ -41,7 +41,7 @@ references: + iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.14.1.3,A.18.1.4,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5,8 + ism: 0487,1449,1506 +- stigid@rhel8: RHEL-08-040060 ++ stigid@almalinux8: RHEL-08-040060 + + ocil_clause: 'it is commented out or is not set correctly to Protocol 2' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +index f8d422c6..aafcd046 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml ++++ 
b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +index 408c97d4..108868fc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +index 9e4e2f48..08b2fbe8 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +@@ -39,7 +39,7 @@ references: + cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 +- stigid@rhel8: RHEL-08-010510 ++ stigid@almalinux8: RHEL-08-010510 + + ocil_clause: 'it is commented out, or is not set to no or delayed' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +index f9ece13f..eb56fa9c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +@@ -36,7 +36,7 @@ references: + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 + ism: 0418,1055,1402 +- stigid@rhel8: RHEL-08-010521 ++ stigid@almalinux8: RHEL-08-010521 + + ocil_clause: 'it is commented out or is not disabled' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +index 228a1166..6ba91af4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = 
restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +index 319ec5cb..93a302d8 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +index 8360f5fa..5e32ab01 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +@@ -46,7 +46,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,3,5 + anssi: BP28(R19),NT007(R21) +- stigid@rhel8: RHEL-08-010550 ++ stigid@almalinux8: RHEL-08-010550 + + {{{ complete_ocil_entry_sshd_option(default="no", option="PermitRootLogin", value="no") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +index b55e7491..0eecd973 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml ++++ 
b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +@@ -38,7 +38,7 @@ references: + cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 +- stigid@rhel8: RHEL-08-010520 ++ stigid@almalinux8: RHEL-08-010520 + + {{{ complete_ocil_entry_sshd_option(default="no", option="IgnoreUserKnownHosts", value="yes") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +index 14f0270c..4f02e10e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +@@ -37,7 +37,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + disa: CCI-000366 + nist: CM-6(b) +- stigid@rhel8: RHEL-08-040340 ++ stigid@almalinux8: RHEL-08-040340 + + template: + name: sshd_lineinfile +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +index b1d33d3f..77e493e0 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +@@ -39,7 +39,7 @@ references: + cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05 + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 +- stigid@rhel8: RHEL-08-010830 ++ stigid@almalinux8: RHEL-08-010830 + + ocil_clause: 'PermitUserEnvironment is not disabled' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +index 9eeb8f89..fa24d532 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml ++++ 
b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-010500 ++ stigid@almalinux8: RHEL-08-010500 + + ocil_clause: 'it is commented out or is not enabled' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +index 2eb688c1..bb039742 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +@@ -43,7 +43,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-010040 ++ stigid@almalinux8: RHEL-08-010040 + + {{{ complete_ocil_entry_sshd_option(default="no", option="Banner", value="/etc/issue") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +index cb15b1e9..61113719 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +@@ -32,7 +32,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-020350 ++ stigid@almalinux8: RHEL-08-020350 + + ocil_clause: 'it is commented out or is not enabled' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +index f3f15251..2c086bc4 
100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +@@ -22,7 +22,7 @@ identifiers: + references: + ospp: FCS_SSHS_EXT.1 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-040161 ++ stigid@almalinux8: RHEL-08-040161 + + ocil_clause: 'it is commented out or is not set' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +index b9834e6d..8b86e146 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + sed -e '/RekeyLimit/d' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +index 5b54ab89..4213bc15 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +index 19151f02..48308d6e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml ++++ 
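Review bot: The context line `sed -e '/RekeyLimit/d' /etc/ssh/sshd_config` in `sshd_rekey_limit/tests/rhel8_ok.pass.sh` has no `-i`, so it prints the filtered file to stdout and leaves `/etc/ssh/sshd_config` unchanged. Widening the platform header to AlmaLinux 8 carries the scenario over as is, so a `RekeyLimit` line already present on the test host would survive and could decide the result instead of the value the scenario means to set. I would change it to `sed -i -e '/RekeyLimit/d' /etc/ssh/sshd_config`. The rest of the script is outside this hunk, so whether a later line depends on the current behaviour needs checking.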
b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +@@ -52,7 +52,7 @@ references: + iso27001-2013: A.12.4.1,A.12.4.3,A.14.1.1,A.14.2.1,A.14.2.5,A.18.1.4,A.6.1.2,A.6.1.5,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,12,13,14,15,16,18,3,5,7,8 + anssi: BP28(R29) +- stigid@rhel8: RHEL-08-010200 ++ stigid@almalinux8: RHEL-08-010200 + + requires: + - sshd_set_keepalive +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +index 16e31302..71125a8d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +index 2451c164..67e21b52 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh +index 4cc6d659..5e911b46 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + # profiles = xccdf_org.ssgproject.content_profile_cis +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + #!/bin/bash + SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +index bc0c4784..3b775739 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + # profiles = xccdf_org.ssgproject.content_profile_cis +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + #!/bin/bash + SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +index 42cb32e3..42ad288e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019,wrlinux8 + + title: 'Use Only FIPS 140-2 Validated Ciphers' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml 
b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +index 13997f94..12ae0f32 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,wrlinux1019 + + title: 'Use Only FIPS 140-2 Validated MACs' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +index 798c4043..322c83cd 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config + echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +index 19faca73..22bf6bdc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +index 77330241..c5adffff 100644 
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config + echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +index 8d33596e..beafbd6d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +index 85999877..907445e2 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + # TODO: The plan is not to need this for RHEL>=8.4 + # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'SSH server uses strong entropy to seed' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +index f4f8c22f..1884e87d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh ++++ 
b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG=1' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +index 70f53ac2..54420303 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG=32' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +index 1e5f0b29..bb5137b2 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + rm -f /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +index a10d24a7..d0b4e3a9 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG="32"' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml 
b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +index 664db5e6..83c1cb29 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Prevent remote hosts from connecting to the proxy display' + +@@ -30,7 +30,7 @@ references: + stig@ol7: OL07-00-040711 + disa: CCI-000366 + nist: CM-6(b) +- stigid@rhel8: RHEL-08-040341 ++ stigid@almalinux8: RHEL-08-040341 + + ocil_clause: "the display proxy is listening on wildcard address" + +diff --git a/linux_os/guide/services/sssd/group.yml b/linux_os/guide/services/sssd/group.yml +index c093cd34..cdbcfd8c 100644 +--- a/linux_os/guide/services/sssd/group.yml ++++ b/linux_os/guide/services/sssd/group.yml +@@ -9,13 +9,5 @@ description: |- + support to systems utilizing SSSD. SSSD using caching to reduce load on authentication + servers permit offline authentication as well as store extended user data. 
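Review bot: In the `references:` hunk of `sshd_x11_use_localhost/rule.yml`, `stigid@rhel8: RHEL-08-040341` is replaced by `stigid@almalinux8: RHEL-08-040341` rather than kept alongside it, although `prodtype` in the same file still lists `rhel8`. If reference keys are resolved per product, as the `@product` suffix suggests, RHEL 8 content built from this tree would lose its STIG ID for the rule, and scan results could no longer be traced back to the STIG item. Keeping both lines, `stigid@rhel8: RHEL-08-040341` followed by `stigid@almalinux8: RHEL-08-040341`, avoids that and makes the patch easier to rebase onto upstream. The same replacement appears in the `rule.yml` hunks for sssd_enable_smartcards, sssd_offline_cred_expiration, configure_usbguard_auditbackend, service_usbguard_enabled and package_xorg-x11-server-common_removed; the `references:` mapping starts and ends outside each of these hunks.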
+ <br /><br /> +- For more information, see +- {{%- if product == "rhel7" -%}} +- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/SSSD.html") }}} +- {{%- elif product == "rhel8" -%}} +- {{{ weblink(link="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/installing-an-ipa-client-basic-scenario_installing-identity-management#sssd-deployment-operations_install-client-basic") }}} +- {{%- elif product == "ol7" -%}} +- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-sssd-auth.html") }}} +- {{%- endif %}} + + platform: sssd +diff --git a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +index ec0cf86d..dce874ce 100644 +--- a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml ++++ b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install sssd-ipa Package' + +diff --git a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +index 137177c7..ab2ba445 100644 +--- a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml ++++ b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Install the SSSD Package' + +diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +index 0ee77aae..e49a0e31 100644 +--- a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml ++++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable the SSSD Service' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +index a0567424..90db9075 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +index 202fc7f4..711cc57c 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +index 614f597e..1c617584 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = 
multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +index 570aa1ba..27cc0264 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate Location' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +index 891b3e2f..6cb0bce2 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +index 62c2febc..ce073f12 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = 
multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +index 731b7c08..f8010bbe 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +index b38bc41f..33c5c903 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +index 805f7ad3..6046494d 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = 
multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +index 452de1d0..020bbad1 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +index 3c029111..938c719f 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +index 426635c8..f0e5aec4 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure PAM in SSSD Services' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +index 010b4b87..03e87e16 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +index ddd141f0..ee070eb3 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git 
a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +index bcf9d58e..81ee8f3c 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4 + + title: 'Enable Smartcards in SSSD' + +@@ -38,7 +38,7 @@ references: + srg: SRG-OS-000375-GPOS-00160 + vmmsrg: SRG-OS-000107-VMM-000530 + ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 +- stigid@rhel8: RHEL-08-020250 ++ stigid@almalinux8: RHEL-08-020250 + + ocil_clause: 'smart cards are not enabled in SSSD' + +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +index dd89d1f4..ab897c72 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +index 8bc689da..e697f252 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 
4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +index 457a25be..f7993498 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure SSSD''s Memory Cache to Expire' + +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +index 585d5114..349c94a4 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +index dbc68b00..da10c2c4 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = 
configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +index 09ee5187..74866001 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4 + + title: 'Configure SSSD to Expire Offline Credentials' + +@@ -36,7 +36,7 @@ references: + cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 + iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5 +- stigid@rhel8: RHEL-08-020290 ++ stigid@almalinux8: RHEL-08-020290 + + ocil_clause: 'it does not exist or is not configured properly' + +diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +index e46d5aea..1d2a6f3d 100644 +--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + found=false + for f in $( ls /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf 2> /dev/null ) ; do +diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +index 30599cf5..ef9dac61 100644 +--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + 
title: 'Configure SSSD to run as user sssd' + +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +index 5bbe0ece..58a41ada 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +index e957d1c6..baadbdef 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +index 83b30c9d..59135b29 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure SSSD to Expire SSH Known Hosts' + +diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +index b2fc36bb..eee7c168 100644 +--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Log USBGuard daemon audit events using Linux Audit' + +@@ -23,7 +23,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000062-GPOS-00031 +- stigid@rhel8: RHEL-08-030603 ++ stigid@almalinux8: RHEL-08-030603 + + ocil_clause: 'AuditBackend is not set to LinuxAudit' + +diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +index f23176d8..812ec16a 100644 +--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install usbguard Package' + +diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml 
b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +index 918a2994..fe8aa1ff 100644 +--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Enable the USBGuard Service' + +@@ -24,7 +24,7 @@ references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000378-GPOS-00163 + ism: "1418" +- stigid@rhel8: RHEL-08-040140 ++ stigid@almalinux8: RHEL-08-040140 + + ocil_clause: 'the service is not enabled' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_allow_hid/bash/shared.sh +index 08045d58..16c8f6b5 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/bash/shared.sh ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + # path of file with Usbguard rules + rulesfile="/etc/usbguard/rules.conf" +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +index 2567ba5e..ad81abe0 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Authorize Human Interface Devices in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/bash/shared.sh +index a2e334c8..884ba0c6 100644 +--- 
a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/bash/shared.sh ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + + echo "allow with-interface match-all { 03:*:* 09:00:* }" >> /etc/usbguard/rules.conf +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +index fdc6c19a..c0da2f53 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_allow_hub/bash/shared.sh +index 47d58963..19907534 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/bash/shared.sh ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + + echo "allow with-interface match-all { 09:00:* }" >> /etc/usbguard/rules.conf +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +index 17a8a8d5..054b9f5f 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 
++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Authorize USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +index 789b8464..d9286069 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Remove the X Windows Package Group' + +@@ -9,7 +9,7 @@ description: |- + installed. If X Windows is not installed then the system cannot boot into graphical user mode. + This prevents the system from being accidentally or maliciously booted into a <tt>graphical.target</tt> + mode. 
To do so, run the following command: +- {{%- if product == "rhel8" or product == "rhv4" -%}} ++ {{%- if product == "rhel8" or product == "rhv4" or product == "almalinux8" -%}} + <pre>$ sudo {{{ pkg_manager }}} groupremove base-x</pre> + {{%- else %}} + <pre>$ sudo {{{ pkg_manager }}} groupremove "X Window System"</pre> +@@ -40,7 +40,7 @@ references: + iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.14.1.3,A.6.2.1,A.6.2.2 + cis-csc: 12,15,8 + cis@sle15: 2.2.2 +- stigid@rhel8: RHEL-08-040320 ++ stigid@almalinux8: RHEL-08-040320 + + ocil_clause: 'the X Windows package group or xorg-x11-server-common has not be removed' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +index 72a3c541..4780ae38 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh +index 289a3848..d9ecbd54 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# 
platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +index a1d60c3b..5132de2c 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,rhv4 + + title: 'Disable X Windows Startup By Setting Default Target' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +index f7837a25..232f3740 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + systemctl set-default multi-user.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +index dc698edc..bd52c73a 100644 +--- 
a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +index 5a20e8ce..5c80ef64 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + systemctl set-default graphical.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +index 408409b9..3cc5a7b9 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash 
+-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +index ff6b6eab..d0b558b6 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +index f6d5f160..3f901f27 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +index 5e008467..3426177c 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Modify the System Login Banner' + +@@ -71,7 +71,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-010060 ++ stigid@almalinux8: RHEL-08-010060 + + ocil_clause: 'it does not display the required banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +index e82619db..df040f30 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +index 4a3844a7..bf49e397 100644 +--- 
a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +index 255c438c..7be75325 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Modify the System Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +index 00fc602b..97e35c95 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify Group Ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml 
+index a073bcbf..1c5fee0f 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify Group Ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +index 79ec35d9..f19283b7 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +index 8d81ea7c..fa623eb5 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +index e425f8f6..eeaa7c65 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml ++++ 
b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Verify permissions on System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +index d6141d2f..ac8961d0 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Verify permissions on Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +index 4a0da070..d291de86 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/bash/shared.sh +index 
1f6c229d..f7c77d04 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/login-screen", "banner-message-enable", "true", "gdm.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +index 47c4edad..b1ab29ef 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Enable GNOME3 Login Warning Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +index 7862ac20..88092b1b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh +index 0f60c14e..f6636dce 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +index 135f15e1..12c549ab 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Set the GNOME3 Login Warning Banner Text' + +@@ -47,7 +47,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-010050 ++ stigid@almalinux8: RHEL-08-010050 + + ocil_clause: 'it does not' + +diff --git 
a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +index dca4b8e9..a58d47b5 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_stig + + source $SHARED/dconf_test_functions.sh +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh +index 96386811..c445de50 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_stig + + source $SHARED/dconf_test_functions.sh +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh +index cd65f885..060fea03 
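Review bot: Adding `AlmaLinux 8` to the `# platform =` line enables this scenario for the new product while the following line still pins it to `xccdf_org.ssgproject.content_profile_stig`. Nothing in this hunk shows that the almalinux8 product defines a stig profile, so that is worth confirming before the scenario is expected to run there. The new entry is also appended as `8,AlmaLinux 8` while the existing list separates entries with a comma and a space; `Red Hat Enterprise Linux 8, AlmaLinux 8` keeps the list uniform. Both points apply equally to the missing_value_stig.fail.sh and wrong_value_stig.fail.sh hunks.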
100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/wrong_value_stig.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_stig + + source $SHARED/dconf_test_functions.sh +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +index 1190adf8..e0244f49 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + if grep -q "^session.*pam_lastlog.so" /etc/pam.d/postlogin; then + sed -i --follow-symlinks "/pam_lastlog.so/d" /etc/pam.d/postlogin +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +index a6eefa9c..1b9d041c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +@@ -38,7 +38,7 @@ references: + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 + ism: 0582,0584,05885,0586,0846,0957 +- stigid@rhel8: RHEL-08-020340 ++ stigid@almalinux8: RHEL-08-020340 + + ocil_clause: 'that is not the 
case' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml +index 59a251e0..1d921641 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh +index 8942cb0b..a87fa4fb 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + if ! 
grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then + echo "session required pam_namespace.so" >> "/etc/pam.d/login" + fi +\ No newline at end of file +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +index 8e713fe2..886d6037 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Set Up a Private Namespace in PAM Configuration + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +index 905acc32..d2969e41 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +index e0dabe67..543d2e2c 100644 +--- 
a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +index 78247557..287f84ba 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Limit Password Reuse' + +@@ -46,7 +46,7 @@ references: + cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 + iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5 +- stigid@rhel8: RHEL-08-020220 ++ stigid@almalinux8: RHEL-08-020220 + + ocil_clause: 'the value of remember is not set equal to or greater than the expected setting' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml 
b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +index 0622ae76..8359d1fa 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +index 3157d341..9af8913c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +index 85a0ba18..1dd6f0cc 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Set Deny For Failed Password Attempts' + +@@ -47,7 +47,7 @@ references: + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 + ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 +- stigid@rhel8: RHEL-08-020010 ++ stigid@almalinux8: RHEL-08-020010 + + ocil_clause: 'that is not the case' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +index d81d8d87..28148b44 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +index d43c33d2..57b4374d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + AUTH_FILES[0]="/etc/pam.d/system-auth" + AUTH_FILES[1]="/etc/pam.d/password-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +index fb7a2d37..627052fd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Configure the root Account for Failed Password Attempts' + +@@ -44,7 +44,7 @@ references: + iso27001-2013: 
A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020022
++ stigid@almalinux8: RHEL-08-020022
+
+ ocil_clause: 'that is not the case'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
+index 17c9932d..54394e8c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+
+ title: 'Enforce pam_faillock for Local Accounts Only'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
+index 96adcef6..b158fee5 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git 
a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
+index 87310288..8b7a7bdd 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # include our remediation functions library
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+index 6bc0f02a..71ee1fcf 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15,rhv4
+
+ title: 'Set Interval For Counting Failed Password Attempts'
+
+@@ -53,7 +53,7 @@ references:
+ iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020012
++ stigid@almalinux8: RHEL-08-020012
+
+ ocil_clause: 'fail_interval is less 
than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
+index db44ce4f..329103e5 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
+index 7e36721d..4561783d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ . 
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+index ead8f697..02fa9d9d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Set Lockout Time for Failed Password Attempts'
+
+@@ -50,7 +50,7 @@ references:
+ iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020014
++ stigid@almalinux8: RHEL-08-020014
+
+ ocil_clause: 'unlock_time is less than the expected value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+index 11040cfa..2143ade7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: 
fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters'
+
+@@ -46,7 +46,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020130
++ stigid@almalinux8: RHEL-08-020130
+
+ ocil_clause: 'dcredit is not found or not equal to or less than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+index d659f480..a36c0004 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters'
+
+@@ -47,7 +47,7 @@ references:
+ cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+- stigid@rhel8: RHEL-08-020170
++ stigid@almalinux8: RHEL-08-020170
+
+ ocil_clause: 'difok is not found or not equal to or greater than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml 
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
+index ffbb0147..cd7a9d09 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+
+ title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
+index a3f02884..4f7083ea 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+
+ title: 'Ensure PAM Enforces Password Requirements - Enforce for root User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+index 08635437..8dc2865e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
++++ 
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters'
+
+@@ -45,7 +45,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020120
++ stigid@almalinux8: RHEL-08-020120
+
+ ocil_clause: 'lcredit is not found or not less than or equal to the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+index 5bac335e..6e282c17 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class'
+
+@@ -38,7 +38,7 @@ references:
+ cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+- stigid@rhel8: RHEL-08-020140
++ stigid@almalinux8: RHEL-08-020140
+
+ ocil_clause: 'that 
is not the case'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+index 42d5584a..250dd698 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Set Password Maximum Consecutive Repeating Characters'
+
+@@ -40,7 +40,7 @@ references:
+ cobit5: DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+- stigid@rhel8: RHEL-08-020150
++ stigid@almalinux8: RHEL-08-020150
+
+ ocil_clause: 'maxrepeat is not found or not greater than or equal to the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+index 3e71d909..1526d077 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Ensure PAM 
Enforces Password Requirements - Minimum Different Categories'
+
+@@ -53,7 +53,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020160
++ stigid@almalinux8: RHEL-08-020160
+
+ ocil_clause: 'minclass is not found or not set equal to or greater than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+index a79a03f3..cbc5fd7d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Length'
+
+@@ -44,7 +44,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020230
++ stigid@almalinux8: RHEL-08-020230
+
+ ocil_clause: 'minlen is not found, or not equal to or greater than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+index dd05085f..cbb5ed6e 100644
+--- 
a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters'
+
+@@ -46,7 +46,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020280
++ stigid@almalinux8: RHEL-08-020280
+
+ ocil_clause: 'ocredit is not found or not equal to or less than the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+index af3010be..47ab5f6a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh 
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh
+index f69152b2..83cf601f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_password_pam_retry") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+index 90f74b2d..b2a90325 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session'
+
+@@ -38,7 +38,7 @@ references:
+ cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
+ iso27001-2013: 
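Review bot: The bash remediation header for accounts_password_pam_retry adds the literal product name `AlmaLinux 8` to `# platform =`, while the Ansible remediation for the same rule and most other files in this patch use the `multi_platform_almalinux` alias. A literal name presumably selects the remediation only if it matches the product's full name as the build system defines it, which this hunk does not show; a mismatch would leave the rule without a bash fix for AlmaLinux 8 and may not produce a build error. Replacing `AlmaLinux 8` with `multi_platform_almalinux` here would keep the files consistent and remove that dependency. The same literal form appears in the disable_ctrlaltdel_burstaction ansible and bash headers and in the disable_ctrlaltdel_reboot ansible header further down.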
A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,11,12,15,16,3,5,9
+- stigid@rhel8: RHEL-08-020100
++ stigid@almalinux8: RHEL-08-020100
+
+ ocil_clause: 'it is not the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+index 5a656a42..ff396279 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters'
+
+@@ -43,7 +43,7 @@ references:
+ iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
+- stigid@rhel8: RHEL-08-020110
++ stigid@almalinux8: RHEL-08-020110
+
+ ocil_clause: 'ucredit is not found or not set less than or equal to the required value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+index f0b884d9..59e66c07 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
++++ 
b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+index f929a6e9..9145de3b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ LIBUSER_CONF="/etc/libuser.conf"
+ CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*'
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
+index 57c63cb1..28039795 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
++++ 
b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Set Password Hashing Algorithm in /etc/libuser.conf'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+index 8dedf993..51c76b11 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
+index 377570ae..c6ed161b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = 
multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+index bbfcd7fc..26bdc3a7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Set Password Hashing Algorithm in /etc/login.defs'
+
+@@ -42,7 +42,7 @@ references:
+ cis-csc: 1,12,15,16,5
+ anssi: BP28(R32)
+ ism: 0418,1055,1402
+- stigid@rhel8: RHEL-08-010110
++ stigid@almalinux8: RHEL-08-010110
+
+ ocil_clause: 'it does not'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh
+index 02af406f..67248912 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# 
platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ AUTH_FILES[0]="/etc/pam.d/system-auth"
+ AUTH_FILES[1]="/etc/pam.d/password-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+index 40f5a16f..3a31f64e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: "Set PAM's Password Hashing Algorithm"
+
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
+index 749cb4a7..0e762bd3 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git 
a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
+index 7d4faedf..8e068a06 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+index 6514bf41..3c07c425 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+index 7192666f..c9130cc7 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+@@ 
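Review bot: The kubernetes remediation for disable_ctrlaltdel_burstaction is a `MachineConfig` object (`apiVersion: machineconfiguration.openshift.io/v1`), so adding `multi_platform_almalinux` to its `# platform =` header looks like a side effect of a blanket search-and-replace rather than an intended target. Whether the AlmaLinux 8 product ever emits kubernetes remediations is not visible here, so this may be harmless. Unless there is an AlmaLinux use for it, I would leave the header as `# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos`, so the platform list only advertises remediations that have been exercised on that product. The `spec:` body continues outside the hunk.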
-1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable Ctrl-Alt-Del Burst Action' + +@@ -37,7 +37,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-040172 ++ stigid@almalinux8: RHEL-08-040172 + + ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml +index 8ea1de86..a4edf584 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = disable + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +index 2b70d22d..3ee92050 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +@@ -1,8 +1,7 @@ +-# platform = Red 
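Review bot: In the `@@ -37,7 +37,7 @@ references:` hunk the key `stigid@rhel8` is renamed to `stigid@almalinux8` rather than added beside it, so `RHEL-08-040172` is no longer attached to the rhel8 product even though `rhel8` is still listed in this rule's `prodtype`. If this tree is ever used to build RHEL 8 content as well, keep both lines, `stigid@rhel8: RHEL-08-040172` and `stigid@almalinux8: RHEL-08-040172`. The identifier looks like a RHEL 8 STIG id, so AlmaLinux 8 reports will cite a RHEL-08 control; a comment such as `# RHEL 8 STIG id reused for AlmaLinux 8` above the new key would make that explicit for auditors. The same replacement is made in the later rule.yml hunks for disable_ctrlaltdel_reboot, require_singleuser_auth, configure_bashrc_exec_tmux, configure_tmux_lock_after_time, configure_tmux_lock_command and no_tmux_in_shells.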
Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + {{%- if init_system == "systemd" -%}} +-{{% if product in ["rhel7", "rhel8"] %}} +-# The process to disable ctrl+alt+del has changed in RHEL7. +-# Reference: https://access.redhat.com/solutions/1123873 ++{{% if product in ["rhel7", "rhel8", "almalinux8"] %}} ++# The process to disable ctrl+alt+del has changed in RHEL7. + {{% endif %}} + systemctl mask --now ctrl-alt-del.target + {{%- else -%}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +index 6066c939..bb3114c2 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Disable Ctrl-Alt-Del Reboot Activation' + +@@ -47,7 +47,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-040170 ++ stigid@almalinux8: RHEL-08-040170 + + ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +index 
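Review bot: The `# Reference: https://access.redhat.com/solutions/1123873` line is dropped from the comment block in disable_ctrlaltdel_reboot/bash/shared.sh, which leaves "The process to disable ctrl+alt+del has changed in RHEL7." with no pointer to what actually changed. Either keep the reference or replace it with a short explanation, for example `# systemd handles Ctrl-Alt-Del through ctrl-alt-del.target, so the target is masked below.`. The `{{% if product in ["rhel7", "rhel8", "almalinux8"] %}}` block guards only that comment, while `systemctl mask --now ctrl-alt-del.target` is emitted for every systemd product, so the product list has no effect on the remediation itself. The template continues past `{{%- else -%}}` outside this hunk.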
cc333ea2..2799c151 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + systemctl mask --now ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +index 74342f02..9582fbea 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + systemctl unmask ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml +index 9e69fdf4..9eabacb9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # 
strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh +index 08876d7a..ad55d965 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +index 76e58ca5..5c48c152 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Verify that Interactive Boot is Disabled' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +index 9e9556cb..610dcf76 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +@@ -9,7 +9,7 @@ + create: yes + dest: 
/usr/lib/systemd/system/emergency.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +index d8640d84..462a8279 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +@@ -1,8 +1,8 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + service_file="/usr/lib/systemd/system/emergency.service" + +-{{% if product in ["fedora", "rhel8", "ol8"] -%}} ++{{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +index 51de85f6..9f2b3780 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +@@ -12,7 +12,7 @@ + </definition> + <ind:textfilecontent54_test check="all" check_existence="all_exist" + comment="Tests that 
+- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + /usr/lib/systemd/systemd-sulogin-shell + {{%- else -%}} + /sbin/sulogin +@@ -24,7 +24,7 @@ + </ind:textfilecontent54_test> + <ind:textfilecontent54_object id="obj_require_emergency_service" version="1"> + <ind:filepath>/usr/lib/systemd/system/emergency.service</ind:filepath> +- {{%- if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{%- if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + <ind:pattern operation="pattern match">^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency</ind:pattern> + {{%- else -%}} + <ind:pattern operation="pattern match">^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"</ind:pattern> +@@ -43,8 +43,8 @@ + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> + +- <unix:file_test check="all" check_existence="at_least_one_exists" +- comment="look for emergency.service in /etc/systemd/system" ++ <unix:file_test check="all" check_existence="at_least_one_exists" ++ comment="look for emergency.service in /etc/systemd/system" + id="test_no_custom_emergency_service" version="1"> + <unix:object object_ref="object_no_custom_emergency_service" /> + </unix:file_test> +@@ -55,7 +55,7 @@ + <unix:filename operation="pattern match">^emergency.service$</unix:filename> + </unix:file_object> + +- <unix:file_test check="all" check_existence="at_least_one_exists" ++ <unix:file_test check="all" check_existence="at_least_one_exists" + comment="look for emergency.target in /etc/systemd/system" + id="test_no_custom_emergency_target" version="1"> + <unix:object object_ref="object_no_custom_emergency_target" /> +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +index f9959f07..345fe440 
100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +@@ -50,7 +50,7 @@ ocil: |- + To check if authentication is required for emergency mode, run the following command: + <pre>$ grep sulogin /usr/lib/systemd/system/emergency.service</pre> + The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. + <pre>ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue</pre> + {{%- else -%}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +index d3cd3035..c94f7b5f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +index 9fa5cf84..2aec856e 100644 +--- 
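Review bot: The OCIL branch that the `@@ -50,7 +50,7 @@ ocil: |-` hunk now selects for almalinux8 gives `ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue` as the expected output, but this rule is about emergency.service. The Ansible and Bash remediations in this same patch write `... systemd-sulogin-shell emergency`, and the OVAL pattern requires `emergency` as well, so an auditor following the text literally would flag a correctly remediated system. The example line should read `<pre>ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</pre>`. The `ocil` block continues past `{{%- else -%}}` outside the hunk.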
a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/bin/bash" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +index 4164c163..186cc053 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +@@ -10,7 +10,7 @@ + create: yes + dest: /usr/lib/systemd/system/rescue.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" + {{%- else -%}} + line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +index b022a8e2..3d7cf90c 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +@@ -1,10 +1,10 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = 
multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{% if init_system == "systemd" -%}} + + service_file="/usr/lib/systemd/system/rescue.service" + +-{{% if product in ["fedora", "rhel8", "ol8"] -%}} ++{{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue" + {{%- else -%}} + sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +index a560a3fc..29ee7109 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +@@ -20,7 +20,7 @@ + {{%- if init_system == "systemd" -%}} + <ind:textfilecontent54_test check="all" check_existence="all_exist" + comment="Tests that +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + /usr/lib/systemd/systemd-sulogin-shell + {{%- else -%}} + /sbin/sulogin +@@ -32,7 +32,7 @@ + </ind:textfilecontent54_test> + <ind:textfilecontent54_object id="obj_require_rescue_service" version="1"> + <ind:filepath>/usr/lib/systemd/system/rescue.service</ind:filepath> +- {{%- if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{%- if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + <ind:pattern operation="pattern match">^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue</ind:pattern> + {{%- else -%}} + <ind:pattern operation="pattern match">^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"</ind:pattern> +@@ -51,8 +51,8 @@ + <ind:instance datatype="int">1</ind:instance> + 
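Review bot: The pattern that the `@@ -32,7 +32,7 @@` hunk enables for almalinux8, `^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue`, is looser than the matching check in require_emergency_target_auth, which anchors the path directly after `ExecStart=\-`. Because of the `.*`, the check also passes an ExecStart line in which other text precedes the sulogin-shell path, while the Bash remediation for this rule writes exactly `/usr/lib/systemd/systemd-sulogin-shell rescue`. Unless the leading `.*` covers a known variant, the stricter form `^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+rescue` would keep the check and the remediation in agreement. The `textfilecontent54_object` element continues outside the hunk.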
</ind:textfilecontent54_object> + +- <unix:file_test check="all" check_existence="at_least_one_exists" +- comment="look for rescue.service in /etc/systemd/system" ++ <unix:file_test check="all" check_existence="at_least_one_exists" ++ comment="look for rescue.service in /etc/systemd/system" + id="test_no_custom_rescue_service" version="1"> + <unix:object object_ref="object_no_custom_rescue_service" /> + </unix:file_test> +@@ -63,7 +63,7 @@ + <unix:filename operation="pattern match">^rescue.service$</unix:filename> + </unix:file_object> + +- <unix:file_test check="all" check_existence="at_least_one_exists" ++ <unix:file_test check="all" check_existence="at_least_one_exists" + comment="look for runlevel1.target in /etc/systemd/system" + id="test_no_custom_runlevel1_target" version="1"> + <unix:object object_ref="object_no_custom_runlevel1_target" /> +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +index 8acaaa86..98580471 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Require Authentication for Single User Mode' + +@@ -44,7 +44,7 @@ references: + iso27001-2013: A.18.1.4,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,14,15,16,18,3,5 + ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 +- stigid@rhel8: RHEL-08-010151 ++ stigid@almalinux8: RHEL-08-010151 + + ocil_clause: 'the output is different' + +@@ -53,7 +53,7 @@ ocil: |- + To check if authentication is required for single-user mode, run 
the following command: + <pre>$ grep sulogin /usr/lib/systemd/system/rescue.service</pre> + The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. + <pre>ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue</pre> + {{%- else -%}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +index f8cd337b..19925a1e 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +index 0d76d825..ba2681b0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/bin/bash" +diff --git 
a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh +index 0c544bfb..0b6fa7c1 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + if ! grep -x ' case "$name" in sshd|login) exec tmux ;; esac' /etc/bashrc; then + cat >> /etc/bashrc <<'EOF' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +index 2582145a..a7831c8a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,almalinux8,rhcos4 + + title: 'Support session locking with tmux' + +@@ -21,7 +21,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000031-GPOS-00012 +- stigid@rhel8: RHEL-08-020041 ++ stigid@almalinux8: RHEL-08-020041 + + ocil_clause: 'exec tmux is not present at the end of bashrc' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml 
b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +index dc63eb65..dc693130 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh +index 233047af..33549331 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + tmux_conf="/etc/tmux.conf" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +index fe99051e..4e725c55 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml ++++ 
b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure tmux to lock session after inactivity' + +@@ -22,7 +22,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000029-GPOS-00010 +- stigid@rhel8: RHEL-08-020070 ++ stigid@almalinux8: RHEL-08-020070 + + ocil_clause: 'lock-after-time is not set or set to zero' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh +index f2430618..b2e711bd 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora ++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora + + tmux_conf="/etc/tmux.conf" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +index 88ce99f4..982a6f9a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure the tmux Lock Command' + +@@ -26,7 +26,7 @@ identifiers: + references: + disa: CCI-000056,CCI-000058 + nist: AC-11(a),AC-11(b),CM-6(a) +- stigid@rhel8: RHEL-08-020040 ++ stigid@almalinux8: RHEL-08-020040 + + vmmsrg: SRG-OS-000028-VMM-000090,SRG-OS-000030-VMM-000110 + srg: SRG-OS-000028-GPOS-00009 +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh +index dacc9147..8a7eebd0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo > '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh +index 3b5a134b..34b13717 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# 
platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo '# set -g lock-command vlock' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh +index 7862a7e9..d1806b59 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo 'set -g lock-command vlock' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh +index e747275d..07b43ed4 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo 'set -g lock-command locker' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh 
b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh +index 45c43e8d..441cef39 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + if grep -q 'tmux$' /etc/shells ; then + sed -i '/tmux$/d' /etc/shells +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +index 2c7b96bb..3e38caae 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +index cd62ece7..44eb2ac3 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml ++++ 
b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,almalinux8,rhcos4 + + title: 'Prevent user from disabling the screen lock' + +@@ -22,7 +22,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000324-GPOS-00125 +- stigid@rhel8: RHEL-08-020042 ++ stigid@almalinux8: RHEL-08-020042 + + ocil_clause: 'tmux is listed in /etc/shells' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +index c900612b..932d61a0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol8,rhel8,almalinux8,rhv4,rhcos4 + + title: 'Install the tmux Package' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml +index 37602754..5834c77f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red 
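Review bot: Renaming `stigid@rhel8` to `stigid@almalinux8` in the `references:` block of no_tmux_in_shells/rule.yml removes the STIG mapping for the rhel8 product, which is still listed in `prodtype`, instead of adding one for AlmaLinux. I would keep the original key and add the new one beside it, `stigid@rhel8: RHEL-08-020042` followed by `stigid@almalinux8: RHEL-08-020042`, so RHEL 8 content built from this tree still carries the identifier in scan reports. The same rename appears in the rule.yml hunks for install_smartcard_packages, package_opensc_installed, service_debug-shell_disabled, account_disable_post_pw_expiration, account_temp_expire_date, accounts_maximum_age_login_defs, accounts_minimum_age_login_defs, accounts_password_minlen_login_defs, accounts_password_set_max_life_existing and accounts_password_set_min_life_existing. In the accounts_minimum_age_login_defs hunk the neighbouring `cis@rhel8: 5.5.1.2` is left untouched, so the two reference keys are now handled differently; if the rename is deliberate for an AlmaLinux-only downstream build, a comment stating that the value is the RHEL 8 STIG ID being reused would help auditors.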
Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh +index 4e80be4f..28db2a10 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +index a4f72afa..8f088eb5 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure opensc Smart Card Drivers' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml 
b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml +index f05423c0..4334b8a3 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh +index 7c763a87..df907379 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +index 435d299d..5a22b413 100644 +--- 
a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Force opensc To Use Defined Smart Card Driver' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml +index 54524233..3697fd65 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml +@@ -5,7 +5,7 @@ title: 'Hardware Tokens for Authentication' + description: |- + The use of hardware tokens such as smart cards for system login + provides stronger, two-factor authentication than using a username and password. 
+- {{% if product in ['ol7', 'ol8'] %}} ++ {{% if product in ['ol7', 'ol8', 'almalinux8'] %}} + In {{{ full_name }}} servers, hardware token login + {{% else %}} + In Red Hat Enterprise Linux servers and workstations, hardware token login +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +index d64240dc..e8ff81fb 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,rhel7,rhel8 ++prodtype: fedora,ol7,rhel7,rhel8,almalinux8 + + title: 'Install Smart Card Packages For Multifactor Authentication' + +@@ -37,7 +37,7 @@ references: + nist: CM-6(a) + srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162 + stigid@rhel7: RHEL-07-041001 +- stigid@rhel8: RHEL-08-010390 ++ stigid@almalinux8: RHEL-08-010390 + + ocil_clause: 'smartcard software is not installed' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +index 74da38fa..ecc1cfe9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install the opensc Package 
For Multifactor Authentication' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000375-GPOS-00160 + vmmsrg: SRG-OS-000376-VMM-001520 + ism: 1382,1384,1386 +- stigid@rhel8: RHEL-08-010410 ++ stigid@almalinux8: RHEL-08-010410 + + ocil_clause: 'the package is not installed' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +index e2a96fa2..2e308fa7 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install the pcsc-lite package' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +index cc45c990..46330fa5 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the pcscd Service' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml +index 12203253..d0796096 100644 +--- 
a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth/rule.yml +@@ -5,23 +5,7 @@ prodtype: fedora,ol7,rhel7 + title: 'Enable Smart Card Login' + + description: |- +- To enable smart card authentication, consult the documentation at: +- <ul> +- {{% if product == "rhel7" %}} +- <li><b>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/smartcards.html#authconfig-smartcards") }}}</b></li> +- {{% elif product == "rhel8" %}} +- <li><b>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System-Level_Authentication_Guide/smartcards.html#authconfig-smartcards") }}}</b></li> +- {{% elif product == "ol7" %}} +- <li><b>{{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-s4-auth.html") }}}</b></li> +- {{% endif %}} +- </ul> +- +- {{% if product != "ol7" %}} +- For guidance on enabling SSH to authenticate against a Common Access Card (CAC), consult documentation at: +- <ul> +- <li><b>{{{ weblink(link="https://access.redhat.com/solutions/82273") }}}</b></li> +- </ul> +- {{% endif %}} ++ To enable smart card authentication, consult the documentation. 
+ + rationale: |- + Smart card login provides two-factor authentication stronger than +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh +index d02a9674..9bdafdc1 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + # Install required packages + if ! rpm --quiet -q pam_pkcs11; then yum -y -d 1 install pam_pkcs11; fi +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +index 1088282c..da5f46af 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Configure Smart Card Certificate Status Checking' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +index 85d8288f..9e5cf3f3 100644 +--- 
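Review bot: The new description in smartcard_auth/rule.yml, `To enable smart card authentication, consult the documentation.`, no longer names any document, so the rule gives an administrator nothing to act on. The hunk header shows `prodtype: fedora,ol7,rhel7` unchanged, yet the rhel7 and ol7 links and the paragraph on SSH authentication with a Common Access Card are removed for those products as well. I would keep the product-conditional `<ul>` block, drop only the branch that does not apply downstream, and add an AlmaLinux-appropriate pointer. Failing that, name the target in the sentence itself, for example `To enable smart card authentication, consult the smart card section of the {{{ full_name }}} system authentication documentation.`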
a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +index 1f712eed..e32ac69e 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable debug-shell SystemD Service' + +@@ -32,7 +32,7 @@ references: + hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) + ospp: FIA_UAU.1 + srg: SRG-OS-000324-GPOS-00125 +- stigid@rhel8: RHEL-08-040180 ++ stigid@almalinux8: RHEL-08-040180 + + ocil: '{{{ ocil_service_disabled(service="debug-shell") }}}' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +index 74598bc7..680caf4b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml ++++ 
b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +index c8c2a90e..c42ae5d6 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +index 7e6b5d79..0d6bdb24 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Set Account Expiration Following Inactivity' + +@@ -47,7 +47,7 @@ references: + cobit5: DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10 + iso27001-2013: A.12.4.1,A.12.4.3,A.18.1.4,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,12,13,14,15,16,18,3,5,7,8 +- stigid@rhel8: RHEL-08-020260 ++ stigid@almalinux8: RHEL-08-020260 + + ocil_clause: 'the value of INACTIVE is greater than the expected value' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +index c3a2a13b..0825c6e9 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4,sle12 ++prodtype: 
fedora,rhel7,rhel8,almalinux8,rhv4,sle12 + + title: 'Assign Expiration Date to Temporary Accounts' + +@@ -44,7 +44,7 @@ references: + iso27001-2013: A.12.4.1,A.12.4.3,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,12,13,14,15,16,18,3,5,7,8 + stigid@sle12: SLES-12-010360 +- stigid@rhel8: RHEL-08-020000 ++ stigid@almalinux8: RHEL-08-020000 + + ocil_clause: 'any temporary or emergency accounts have no expiration date set or do not expire within a documented time frame' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +index bed135a4..1df8f3a2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +index 135eb49d..2ad49f24 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +@@ -1,4 +1,4 
@@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_fedora + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +index 15ccf530..f5627a09 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +@@ -47,7 +47,7 @@ references: + iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5 + ism: 0418,1055,1402 +- stigid@rhel8: RHEL-08-020200 ++ stigid@almalinux8: RHEL-08-020200 + + ocil_clause: 'PASS_MAX_DAYS is not set equal to or greater than the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +index 0c81c0ee..29f31c65 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/shared.sh +index 870b5b1c..8086a390 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_rhv + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_minimum_age_login_defs") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +index 36a611e3..64653d2e 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +@@ -45,7 +45,7 @@ references: + cis-csc: 1,12,15,16,5 + cis@rhel8: 5.5.1.2 + ism: 0418,1055,1402 +- stigid@rhel8: RHEL-08-020190 ++ stigid@almalinux8: RHEL-08-020190 + + ocil_clause: 'it is not equal to or greater than the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +index eee37bda..a231fa41 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh 
b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +index eb412139..14568ee2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . /usr/share/scap-security-guide/remediation_functions + declare var_accounts_password_minlen_login_defs + {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +index f9884fd9..e35042d7 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +@@ -42,7 +42,7 @@ references: + cis-csc: 1,12,15,16,5 + srg: SRG-OS-000078-GPOS-00046 + ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 +- stigid@rhel8: RHEL-08-020231 ++ stigid@almalinux8: RHEL-08-020231 + + ocil_clause: 'it is not set to the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh +index 
c1acf5e2..9b209867 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh +index 0e31bd79..a2ff1105 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh +index 88509363..64a38232 100644 +--- 
a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh +index bd7ed7a2..78ff205e 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh +index 88ecd439..678d3b6d 100644 +--- 
a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+index 0ef1fcfe..a7b31ebc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Set Existing Passwords Maximum Age'
+
+@@ -31,7 +31,7 @@ references:
+ vmmsrg: SRG-OS-000076-VMM-000430
+ stigid@rhel7: RHEL-07-010260
+ stigid@sle12: SLES-12-010290
+- stigid@rhel8: RHEL-08-020210
++ stigid@almalinux8: RHEL-08-020210
+
+ ocil_clause: 'existing passwords are not configured correctly'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+index cc073067..ddd81b28 100644
+---
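Review bot: The `stigid@rhel8` reference in the second hunk of accounts_password_set_max_life_existing/rule.yml is renamed to `stigid@almalinux8` rather than kept alongside it, although the `prodtype` line in the first hunk still lists `rhel8`. If this tree is ever built for the rhel8 product, the rule would presumably lose its STIG identifier there, which weakens traceability of scan results to the benchmark. Keeping both lines, `stigid@rhel8: RHEL-08-020210` and `stigid@almalinux8: RHEL-08-020210`, avoids that. The same rename appears in the rule.yml hunks for accounts_password_set_min_life_existing, no_empty_passwords, accounts_no_uid_except_zero, accounts_have_homedir_login_defs and accounts_logon_fail_delay.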
a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Set Existing Passwords Minimum Age'
+
+@@ -31,7 +31,7 @@ references:
+ vmmsrg: SRG-OS-000075-VMM000420
+ stigid@rhel7: RHEL-07-010240
+ stigid@sle12: SLES-12-010260
+- stigid@rhel8: RHEL-08-020180
++ stigid@almalinux8: RHEL-08-020180
+
+ ocil_clause: 'existing passwords are not configured correctly'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+index 1091f8c8..00da1b03 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/bash/shared.sh
+index 800eecc8..013554db 100644
+---
a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_password_warn_age_login_defs") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+index 85f98d2f..4f2f1232 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+index 258a7615..ef4ea1fc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
++++
b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
+index 5c605e71..5ac06a9e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Set number of Password Hashing Rounds - password-auth'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+index e7dccf38..21382076 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++#
platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+index b2c81662..b6a5e1f1 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
+index 7a8c816e..3b20bfe4 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Set number of Password Hashing Rounds - system-auth'
+
+diff --git
a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+index db35dac3..b5c8d349 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+index 837c46b2..cf1e4f4d 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ sed --follow-symlinks -i 's/\<nullok\>//g' /etc/pam.d/system-auth
+ sed --follow-symlinks -i 's/\<nullok\>//g' /etc/pam.d/password-auth
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+index 288d0b8b..43d9f31a 100644
+---
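Review bot: Nothing in no_empty_passwords/bash/shared.sh records that its in-place PAM edit may not persist on the platform this hunk adds. The two `sed --follow-symlinks -i` lines strip `nullok` directly from `/etc/pam.d/system-auth` and `/etc/pam.d/password-auth`; where those files are generated by authselect, as is common on EL8-family systems, the option could presumably return the next time a profile is applied, and the host would again accept empty passwords until the next scan. I would add a comment above the sed lines such as `# NOTE: direct edit of PAM files; re-check for nullok after any authselect profile change` and re-run the check after such a change.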
a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+index df6da6b9..b71df51a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+@@ -45,7 +45,7 @@ references:
+ cobit5: APO01.06,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.10
+ iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
+ cis-csc: 1,12,13,14,15,16,18,3,5
+- stigid@rhel8: sshd_disable_empty_passwords
++ stigid@almalinux8: sshd_disable_empty_passwords
+
+ ocil_clause: 'NULL passwords can be used'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
+index acf0496e..7f1fb69d 100644
+---
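Review bot: The value carried over to `stigid@almalinux8` in no_empty_passwords/rule.yml is `sshd_disable_empty_passwords`, which reads like a rule name rather than a STIG identifier; the other `stigid@almalinux8` lines in the visible hunks all have the `RHEL-08-NNNNNN` form. The removed `stigid@rhel8` line had the same value, so this is inherited rather than introduced here, but the rename is a good moment to confirm the intended identifier and replace it, e.g. `stigid@almalinux8: <RHEL-08 STIG ID to confirm>`. Left as is, the rule will not map to any benchmark entry in generated STIG reports. The enclosing `references:` block starts outside the hunk.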
a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/bash/shared.sh
+index 524cf10d..8aeec4e0 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+
+ if grep -q '^\+' /etc/group; then
+ # backup old file to /etc/group-
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+index ba40c093..5688cafc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Ensure there are no legacy + NIS entries in /etc/group'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
+index 5baef258..84ddc1e0 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/bash/shared.sh
+index 4bb73e01..4223e2d1 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/bash/shared.sh
++++
b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+
+ if grep -q '^\+' /etc/passwd; then
+ # backup old file to /etc/passwd-
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+index ef2266df..22e139b5 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Ensure there are no legacy + NIS entries in /etc/passwd'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
+index c969414d..7b71e4ce 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container
Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/bash/shared.sh
+index f8874c9f..e7655a31 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
+
+ if grep -q '^\+' /etc/shadow; then
+ # backup old file to /etc/shadow-
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+index 687bbde8..f16f07eb 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype:
fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/bash/shared.sh
+index 02277be1..5734684c 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/bash/shared.sh
+@@ -1,2 +1,2 @@
+-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ awk -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd | xargs --max-lines=1 passwd -l
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+index 6b3c71fa..0231bf8b 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+@@ -42,7 +42,7 @@ references:
+ cobit5: APO01.06,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.02,DSS06.03,DSS06.10
+ iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.18.1.4,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
+ cis-csc: 1,12,13,14,15,16,18,3,5
+-
stigid@rhel8: RHEL-08-040200
++ stigid@almalinux8: RHEL-08-040200
+
+ ocil_clause: 'any account other than root has a UID of 0'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
+index 6fbb7c72..d8e71c19 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+index c504acf6..33454d53 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
+index b5bfabab..6742eeb2 100644
+---
a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Restrict Web Browser Use for Administrative Accounts'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+index e47a67a2..a3859a0e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+index 5f9c92aa..119219eb 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git
a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
+index 947c9f77..8ce86ec8 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Root Path Must Be Vendor Default'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+index 94594008..c71e3c69 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+index 7194be9c..33bf1622 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform =
multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+index d001e733..7c7000ed 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # uncomment the option if commented
+ sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+index 4cd0aaa8..b2729656 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enforce usage of pam_wheel for su authentication'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
+index e53f7863..f8bfacd0 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
+index be3cc99c..6770cf9e 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora
+
+ {{{ set_config_file("/etc/login.defs", "CREATE_HOME", "yes", create=true, insert_after="", insert_before="^\s*CREATE_HOME", insensitive=true) }}}
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+index 9e19b908..563b28de
100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,fedora
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019,fedora
+
+ title: 'Ensure Home Directories are Created for New Users'
+
+@@ -29,7 +29,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020610
+ stigid@sle12: SLES-12-010720
+- stigid@rhel8: RHEL-08-010760
++ stigid@almalinux8: RHEL-08-010760
+
+ ocil_clause: 'the value of CREATE_HOME is not set to yes, is missing, or the line is commented out'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+index cafb637d..e265ecc8 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # disruption = low
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+index a8a77c12..9a0dab76 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux
++# platform =
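Review bot: In the `references:` hunk of accounts_have_homedir_login_defs/rule.yml, `stigid@rhel8: RHEL-08-010760` is renamed to `stigid@almalinux8` instead of being kept next to it, while `rhel8` is still listed in `prodtype` in the hunk above. If these keys are resolved per product, as the `@rhel7` and `@sle12` siblings suggest, RHEL 8 content built from this tree would lose its STIG ID for the rule. Adding a line rather than replacing one keeps both mappings: `stigid@rhel8: RHEL-08-010760` followed by `stigid@almalinux8: RHEL-08-010760`. The same replacement is made in the other rule.yml hunks of this patch that touch `stigid@rhel8` (accounts_logon_fail_delay, accounts_max_concurrent_login_sessions, accounts_umask_etc_bashrc and the rest). The references block starts outside the hunk.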
Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+index d1da3b69..a6af99f3 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+@@ -31,7 +31,7 @@ references:
+ cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
+ iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
+ cis-csc: 11,3,9
+- stigid@rhel8: RHEL-08-020310
++ stigid@almalinux8: RHEL-08-020310
+
+ ocil_clause: 'the above command returns no output, or FAIL_DELAY is configured less than the expected value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+index 536ac295..d1bff5ff 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+index
65066e77..fd616495 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+index 5787380d..8e8921f3 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+@@ -37,7 +37,7 @@ references:
+ cobit5: DSS01.05,DSS05.02
+ iso27001-2013: A.13.1.1,A.13.1.3,A.13.2.1,A.14.1.2,A.14.1.3
+ cis-csc: 14,15,18,9
+- stigid@rhel8: RHEL-08-020024
++ stigid@almalinux8: RHEL-08-020024
+
+ ocil_clause: 'maxlogins is not equal to or less than the expected value'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+index 1bd99ce7..a4f03471 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat
Enterprise Linux 8,AlmaLinux 8
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/bash/shared.sh
+index 652c914c..d501a3fb 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ if ! [ -d /tmp/tmp-inst ] ; then
+ mkdir --mode 000 /tmp/tmp-inst
+ fi
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+index 81a86072..678586dd 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh
+index 38e95a8c..b47178b9 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh
++++
b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ if ! [ -d /tmp-inst ] ; then
+ mkdir --mode 000 /var/tmp/tmp-inst
+ fi
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
+index 2c304900..73892b52 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
+index ba01c7ec..b0ff7425 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux
+ .
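Review bot: The guard in the context lines of the accounts_polyinstantiated_var_tmp/bash/shared.sh hunk tests `/tmp-inst`, but the `mkdir` it protects creates `/var/tmp/tmp-inst`, and the platform line added here extends that mismatch to AlmaLinux 8. Assuming `/tmp-inst` does not exist on the host, the test stays true on every run and a second run fails in `mkdir` on the already existing directory, so the remediation is not idempotent. The sibling accounts_polyinstantiated_tmp script checks the same path it creates; this guard should read `if ! [ -d /var/tmp/tmp-inst ] ; then`. The rest of the script lies outside the hunk.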
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_tmout") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+index 895290d0..3f8b5c3e 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,rhcos4
+
+ title: 'Set Interactive Session Timeout'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
+index 1bcfca2b..2335b0b4 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'User Initialization Files Must Be Group-Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+index d41cc0cc..56976bda 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype:
ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'User Initialization Files Must Not Run World-Writable Programs'
+
+@@ -29,7 +29,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020730
+ stigid@sle12: SLES-12-010780
+- stigid@rhel8: RHEL-08-010660
++ stigid@almalinux8: RHEL-08-010660
+
+ ocil_clause: 'files are executing world-writable programs'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
+index da6dd8ed..9a1af6b8 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'User Initialization Files Must Be Owned By the Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+index 14392044..ce4a12e3 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Ensure that Users Path Contains Only Local Directories'
+
+@@ -33,7 +33,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020720
+ stigid@sle12: SLES-12-010770
+- stigid@rhel8: RHEL-08-010690
++ stigid@almalinux8: RHEL-08-010690
+
+ ocil_clause: 'paths contain more than local home directories'
+
+diff --git
a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+index a4cf5c2b..26a464df 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'All Interactive Users Must Have A Home Directory Defined'
+
+@@ -25,7 +25,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020600
+ stigid@sle12: SLES-12-010710
+- stigid@rhel8: RHEL-08-010720
++ stigid@almalinux8: RHEL-08-010720
+
+ ocil_clause: 'users home directory is not defined'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+index 1c8fb04d..1611a2fa 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'All Interactive Users Home Directories Must Exist'
+
+@@ -31,7 +31,7 @@ references:
+ stigid@rhel7: RHEL-07-020620
+ cis@rhel8: 6.2.20
+ stigid@sle12: SLES-12-010730
+- stigid@rhel8: RHEL-08-010750
++ stigid@almalinux8: RHEL-08-010750
+
+ ocil_clause: 'users home directory does not exist'
+
+diff --git
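Review bot: In the `references:` hunk of accounts_user_interactive_home_directory_exists/rule.yml, `cis@rhel8: 6.2.20` is left as it is while `stigid@rhel8` two lines below is renamed to `stigid@almalinux8`, so the product-qualified references of this rule now point at two different products. If the keys are looked up by product id, AlmaLinux 8 gets the STIG ID but no CIS item here, and RHEL 8 gets the reverse. Whether the CIS numbering carries over to AlmaLinux 8 cannot be told from the patch; if it does, add `cis@almalinux8: 6.2.20`, and if it does not, a YAML comment above `cis@rhel8` stating that the CIS mapping is RHEL-only would settle it. file_groupownership_home_directories/rule.yml has the same split with `cis@rhel8: 6.2.8`.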
a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+index e3e46f02..36966e35 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
+index 27399983..98cbac46 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'All User Files and Directories In The Home Directory Must Be Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+index fb57ff10..38beb341 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype:
ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+index 6c70cc8a..b3bf758c 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
+
+@@ -30,7 +30,7 @@ references:
+ stigid@rhel7: RHEL-07-020650
+ cis@rhel8: 6.2.8
+ stigid@sle12: SLES-12-010750
+- stigid@rhel8: RHEL-08-010740
++ stigid@almalinux8: RHEL-08-010740
+
+ ocil_clause: 'the group ownership is incorrect'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+index 37cb36cd..173d831d 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'All Interactive User Home Directories Must Be Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+index ef628020..0dafaaf4 100644
+---
a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive'
+
+@@ -27,7 +27,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020710
+ stigid@sle12: SLES-12-010760
+- stigid@rhel8: RHEL-08-010770
++ stigid@almalinux8: RHEL-08-010770
+
+ ocil_clause: 'they are not 0740 or more permissive'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+index 561f9f13..c341a286 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive'
+
+@@ -27,7 +27,7 @@ references:
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-020630
+ stigid@sle12: SLES-12-010740
+- stigid@rhel8: RHEL-08-010730
++ stigid@almalinux8: RHEL-08-010730
+
+ ocil_clause: 'they are more permissive'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+index ee5a118f..d939ce3d 100644
+---
a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh
+index a8301696..ec78ad7a 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ .
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+index e06ae361..995d89bd 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15
++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle15
+
+ title: 'Ensure the Default Bash Umask is Set Correctly'
+
+@@ -32,7 +32,7 @@ references:
+ iso27001-2013: A.14.1.1,A.14.2.1,A.14.2.5,A.6.1.5
+ cis-csc: '18'
+ srg: SRG-OS-000480-GPOS-00228
+- stigid@rhel8: RHEL-08-020353
++ stigid@almalinux8: RHEL-08-020353
+
+ ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+index 716dede4..51ce94dd 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ .
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+index fba52972..e84c410e 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15
++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle15
+
+ title: 'Ensure the Default C Shell Umask is Set Correctly'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
+index 259997f7..acff4ae7 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
+index f74cbfe5..b418c6da 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
++++
b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+index 0c86e6e9..28921dba 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+@@ -33,7 +33,7 @@ references:
+ iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.1.1,A.14.2.1,A.14.2.2,A.14.2.3,A.14.2.4,A.14.2.5,A.6.1.5
+ cis-csc: 11,18,3,9
+ anssi: BP28(R35)
+- stigid@rhel8: RHEL-08-020351
++ stigid@almalinux8: RHEL-08-020351
+
+ ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/bash/shared.sh
+index 12acd6e9..ab830fbd 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization
4,multi_platform_wrlinux,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+index f3648011..09d3ac95 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019
+
+ title: 'Ensure the Default Umask is Set Correctly For Interactive Users'
+
+@@ -25,7 +25,7 @@ references:
+ disa: CCI-000366,CCI-001814
+ srg: SRG-OS-000480-GPOS-00227
+ stigid@rhel7: RHEL-07-021040
+- stigid@rhel8: RHEL-08-020352
++ stigid@almalinux8: RHEL-08-020352
+
+ ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+index 44a426e2..c5371765 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Record Any Attempts to Run chcon'
+
+diff --git
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+index 8c7b3996..94d82259 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Record Any Attempts to Run restorecon'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+index 0b19258a..a437ca82 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Record Any Attempts to Run semanage'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+index af2cdfee..3b42c21e 100644
+---
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Any Attempts to Run setfiles' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +index 8fa73ac5..13614af5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run setsebool' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +index 5b7be88b..e24454a7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Any Attempts to Run seunshare' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +index 02020a84..91843d9e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +index dd2c1a12..0750d698 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Record Successful Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +index 5aa12773..a280bd31 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +index ef1bd04b..a7f05515 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +index 8a809c65..85b4ef25 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +index fbe2a248..055fcdb9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +index 4de26ca4..2404fbe8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Ownership Changes to Files - 
fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +index 35b0ab9d..6fbb2b6c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +index a9192fae..3af73f7c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +index 
f158bf7d..d8b3076b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +index e02f99b6..d329e633 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +index 79b0a707..67dcca93 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +index 19d2e35e..bb30374a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +index 22b5164d..6dc89c31 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - lsetxattr' + +diff --git 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +index e2e526cf..f44065c6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +index bcf48d59..828ce94d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml 
+index 4285ce7d..c7d0bfdf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +index 8173344c..84002135 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +index 8c902371..fae66975 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml 
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - open O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +index 701b7964..e6d3299a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +index 032c3ebd..76356871 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 
'Record Successful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +index 2b9a474c..ab46b768 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - openat O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +index 8382764c..5e8acd00 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +index 61cb9be1..06bdb1b8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +index 142bf75d..fad7a325 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +index c2ab4174..0e6a0b25 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +index 7e737d6a..60e0aee8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +index 43622f29..7e68156e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Access Attempts to 
Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +index b3c54bf8..71859490 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +index a2110080..47ac027d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +index cdde2eab..22c19a72 100644 +--- 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +index bb91b766..68786f71 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Unsuccessul Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +index 3f0b1b53..c5549e59 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Ownership Changes to Files - chown'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+index b5abef23..861f7c76 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Unsuccessful Access Attempts to Files - creat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
+index 1acb1346..2cc78347 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - fchmod'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
+index 2bf620b4..0d7cbc58 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - fchmodat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
+index 278b34c9..a315e213 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Ownership Changes to Files - fchown'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
+index 15257c5f..1c471bbe 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Ownership Changes to Files - fchownat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
+index 9914de51..c7606a6f 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - fremovexattr'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
+index 44f00715..25dc43bd 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - fsetxattr'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+index 9ed6b366..c8bc1441 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Unsuccessful Access Attempts to Files - ftruncate'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
+index 884939d4..d0ebe1ce 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Ownership Changes to Files - lchown'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
+index 0a99fff5..799f7b25 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - lremovexattr'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
+index bed13e9f..9bfbb5f6 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - lsetxattr'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh
+index c93a8d88..5d2171bb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+index 97aa7710..506f6ee1 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Unsuccessful Access Attempts to Files - open'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh
+index c93a8d88..5d2171bb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+index 28076744..ab83abfa 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
+index c93a8d88..5d2171bb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
+index 9ee9f9fe..f0cff2b5 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
+index c93a8d88..5d2171bb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+index 3460a48f..802f933f 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
+index 282e673c..b7c5f1bf 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
+index 30cb64b4..023810b7 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
+index 1e021c4f..41533c52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
+index a7819c14..06e23536 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
+index 1e021c4f..41533c52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
+index ec871cf6..39572f4c 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
+index 282e673c..b7c5f1bf 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
+index 02ffe9ae..1b7bb790 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh
+index 1e021c4f..41533c52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+index f1699ab1..47e291c6 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Unsuccessful Access Attempts to Files - openat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
+index 1e021c4f..41533c52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
+index 9cfb3289..fb59192b 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
+index 1e021c4f..41533c52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
+index 2ed974e4..c8a29eee 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
+index 282e673c..b7c5f1bf 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ #
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
+index ea7291c1..196bf05c 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
+index 531676d4..376e50b9 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Permission Changes to Files - removexattr'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+index a85dd692..2da9de2c 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Delete Attempts to Files - rename'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+index 87a7ec0b..60473ee1 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Delete Attempts to Files - renameat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
+index 7dae6259..30f86107 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Unsuccessul Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 60d98c58..59cf3a46 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +index 43e94bd3..9a766b2b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Delete Attempts to Files - unlink'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+index be69e8eb..468f90c3 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Record Unsuccessul Delete Attempts to Files - unlinkat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
+index 8421076f..69186715 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
+index 9e61ec32..dbfeb520 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
+index c7b605ec..1ef6d296 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # complexity = low
+ # disruption = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
+index 9d921825..ece31ef5 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+index 0997c1c6..fdf2f877 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
+index 3f3c3e3d..73a821c6 100644
+---
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # complexity = low
+ # disruption = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh
+index 17769226..d3c274e9 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # Include source function library.
+ .
/usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+index f54035bf..69a01414 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
+index d804bbd0..30298f70 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # complexity = low
+ # disruption = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh
+index 3ae972e4..f34ff904 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+index 829f3b2c..c3dde7b1 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
+index 9c86d272..3e329261 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+index 3cdacb5f..c61e6dac 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Attempts to Alter Logon and Logout Events - faillock'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+index 1d8a6f72..1eb76d0b 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
++++
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Record Attempts to Alter Logon and Logout Events - lastlog'
+
+@@ -50,7 +50,7 @@ references:
+ cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
+ iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.2.1,A.6.2.2
+ cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
+- stigid@rhel8: RHEL-08-030600
++ stigid@almalinux8: RHEL-08-030600
+
+ ocil_clause: 'there is not output'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+index 730b7d72..81c50692 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
+
+ title: 'Record Attempts to Alter Logon and Logout Events - tallylog'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
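Review bot: The `references:` hunk of audit_rules_login_events_lastlog/rule.yml swaps `stigid@rhel8: RHEL-08-030600` for `stigid@almalinux8: RHEL-08-030600` instead of adding a key, so the RHEL 8 STIG mapping for this audit rule disappears from the source tree while `rhel8` is still listed in `prodtype` two hunks above. Every other hunk on this page appends almalinux8 next to the existing products, which suggests this one comes from a blanket substitution rather than a deliberate choice. If RHEL 8 content is ever built or compared from this tree, its STIG report for the lastlog rule would lose the identifier; keeping both lines, `stigid@rhel8: RHEL-08-030600` followed by `stigid@almalinux8: RHEL-08-030600`, avoids that. It is also worth confirming that presenting a RHEL-08 identifier under an AlmaLinux key is intended, since the ID refers to the RHEL 8 STIG rather than to an AlmaLinux-specific benchmark.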
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
+index 2b019243..cdbc3b52 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
+index 9e55247a..bf32011e 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # Include source function library.
+ .
/usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
+index 7e15005a..59b04990 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
+index fd97dc6e..78add9a6 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules
+ sed -i '/newgrp/d' /etc/audit/audit.rules
+diff --git
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
+index 3f534d4d..209478b1 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/audit.rules
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
+index 11463a77..cc44abea 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ ./generate_privileged_commands_rule.sh 1000 privileged
/etc/audit/audit.rules
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
+index 0ba1cfb2..77a72fb3 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules
+ sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/audit.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
+index 8293c08f..03770257 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat
Enterprise Linux 8,AlmaLinux 8
+
+ # augenrules is default for rhel7
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
+index c8017b46..576f0d55 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # Remediation for this rule cannot remove the duplicates
+ # remediation = none
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ ./generate_privileged_commands_rule.sh 1000 privileged /tmp/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
+index 83b00b1e..56866ef9 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+
mkdir -p /etc/audit/rules.d
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
+index ff78e3de..192f8919 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
+index ff080377..1743b072 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise
Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
+index 694bc049..92b92961 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
+index 473d8a0b..2374ffeb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Red Hat
Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
+index 8c7f0479..289aaae3 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+index b7258fe0..beecff6e 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
++++
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ mkdir -p /etc/audit/rules.d
+ echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
+index 3a947ea1..8471b399 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # remediation = bash
+-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ ./generate_privileged_commands_rule.sh 1000 own_key /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
+index 6639d956..042cd757 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
++++
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +index 0fcf3fb9..3b190421 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +index 62990d16..bd5affed 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 
'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +index 0cd92027..61bd9457 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +index 48d3c6c7..89185c9f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +index 4941b38a..ddcc0c2a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +index efc78bef..20bee456 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +index 462dda8b..aed6b69c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +index 03658656..552996e1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +index d6780b01..defb06db 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: 
rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +index 9323934f..10312df2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +index e115387b..aa85dc90 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' + +diff --git 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +index 5759f71d..2ad329d6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +index 1cb56746..a645a4e5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +index c29b6f82..e5a37cc8 100644 +--- 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +index 86c423dd..d17c346b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +index 9e9e8927..edadb991 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +index 56be0777..1c3f6bbe 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +index 2ce9d62a..2761d8c7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' + +diff --git 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +index b458ed6d..3e1aa24d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +index 08c4df82..e815a6ec 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +index 43146e6d..db7ead20 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +index 25c2bed0..44330b44 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +index d8c8cfb0..700a45b7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + 
title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +index 29dd8a7c..8920c283 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +index 3e3e5f52..2960ea56 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +index b2425c18..72f7854f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + 
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +index 6e3096d7..ff293488 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +index 4b19927a..6c83ab16 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +index aaf829f6..ff1f665f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +index 35dd183d..4b453e37 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +index 1c724193..db1987b7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +index e3c77b16..217cc372 100644 +--- 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +index ae784911..805035c9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +index 29cd4a5d..c38b0e28 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Traverse all of: + # +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +index 1f563ae0..74e814d3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +@@ -42,5 +42,5 @@ references: + cobit5: APO01.06,APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 +- stigid@rhel8: RHEL-08-030121 ++ stigid@almalinux8: RHEL-08-030121 + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +index 4633be5a..cb5dd0dc 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +index 0d731ffc..48457226 100644 +--- 
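Review bot: In the audit_rules_immutable/rule.yml hunk the `stigid@rhel8: RHEL-08-030121` reference is renamed to `stigid@almalinux8` instead of being kept alongside it, and the audit_rules_sysadmin_actions/rule.yml hunk does the same with RHEL-08-030172. Every other hunk in view appends almalinux8 to the existing product list, so these two are the only places where rhel8 content built from this tree would presumably lose its STIG mapping. Keeping both keys is safer for compliance reporting and for rebasing: retain `stigid@rhel8: RHEL-08-030121` and add `stigid@almalinux8: RHEL-08-030121` under it. The value is still a RHEL 8 STIG identifier, so a short comment noting that the AlmaLinux key reuses the RHEL 8 STIG ID would help anyone reading scan results. The `references:` block begins outside the hunk.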
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +index fa07d5bf..563a4dda 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot =false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +index 4e4869a8..a7639a3f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 
4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +index 08694d30..dc3e8362 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +index e8801374..95ec4a64 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +index b6a4e7ef..31367467 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml +index df14260d..3c282656 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/rule.yml +@@ -46,7 +46,7 @@ references: + cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 + iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 +- stigid@rhel8: RHEL-08-030172 ++ stigid@almalinux8: 
RHEL-08-030172
+
+ ocil_clause: 'there is not output'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/bash/shared.sh
+index a349bb1c..b31fde3b 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+
+ # Traverse all of:
+ #
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
+index e8a2db35..5425deed 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Shutdown System When Auditing Failures Occur'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
+index bb030985..53d33c43 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh
+@@ -1,4
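Review bot: The `stigid@rhel8` reference in audit_rules_sysadmin_actions/rule.yml is replaced rather than kept beside the new key, so content built for the rhel8 product from this patched tree loses its STIG mapping for the rule. The same substitution is made in the audit_rules_usergroup_modification_group, _gshadow, _opasswd, _passwd and _shadow rule.yml hunks and in the directory_permissions, file_ownership and file_permissions _var_log_audit rule.yml hunks. Whether RHEL 8 content is still built from this source is not visible here; if it is, keep both lines, `stigid@rhel8: RHEL-08-030172` and `stigid@almalinux8: RHEL-08-030172`. The value remains an identifier from the RHEL 8 STIG, so a comment above the new key such as `# AlmaLinux 8 reuses the RHEL 8 STIG ID` would tell maintainers the mapping is borrowed.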
+1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +index 0af21780..fcfa6176 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/group' + +@@ -53,7 +53,7 @@ references: + iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 + stigid@sle12: SLES-12-020210 +- stigid@rhel8: RHEL-08-030170 ++ stigid@almalinux8: RHEL-08-030170 + + ocil_clause: 'the system is not configured to audit account changes' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +index f4dce555..83036d5e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml 
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/gshadow' + +@@ -53,7 +53,7 @@ references: + cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 + iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 +- stigid@rhel8: RHEL-08-030160 ++ stigid@almalinux8: RHEL-08-030160 + + ocil_clause: 'the system is not configured to audit account changes' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +index 240d4d8e..93723a7c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' + +@@ -54,7 +54,7 @@ references: + cis-csc: 
1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 + srg@sle12: SRG-OS-000004-GPOS-00004,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000476-GPOS-00221 + stigid@sle12: SLES-12-020230 +- stigid@rhel8: RHEL-08-030140 ++ stigid@almalinux8: RHEL-08-030140 + + ocil_clause: 'the system is not configured to audit account changes' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +index 069916da..8982bf58 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/passwd' + +@@ -53,7 +53,7 @@ references: + iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.7,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.6.2.1,A.6.2.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 + stigid@sle12: SLES-12-020200 +- stigid@rhel8: RHEL-08-030150 ++ stigid@almalinux8: RHEL-08-030150 + + ocil_clause: 'the system is not configured to audit account changes' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +index 5c13ca58..9739f79a 100644 +--- 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/shadow' + +@@ -54,7 +54,7 @@ references: + cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9 + stigid@sle12: SLES-12-020220 + srg@sle12: SRG-OS-000004-GPOS-00004,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000476-GPOS-00221 +- stigid@rhel8: RHEL-08-030130 ++ stigid@almalinux8: RHEL-08-030130 + + ocil_clause: 'the system is not configured to audit account changes' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +index ffddb94d..a75e450b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +index ed5ff647..09d8474f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +index 31b65a08..75f854d9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/bash/shared.sh +index 29aff706..d58e3e59 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
+index fb64c243..30e0c22f 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux
+
+ if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then
+ GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+index 65dc7861..74c7cee4 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
+@@ -26,7 +26,7 @@ references:
+ cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01
+ iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
+ cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8
+- stigid@rhel8: RHEL-08-030120
++ stigid@almalinux8: RHEL-08-030120
+ srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
+
+ ocil_clause: 'any are more permissive'
+diff
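Review bot: The `awk` extraction on the last line of the directory_permissions_var_log_audit/bash/shared.sh hunk matches `/log_group/` anywhere in a line, while the `grep` guard just above it anchors on `^log_group`; adding `multi_platform_almalinux` extends that mismatch to one more platform. A commented-out or otherwise unanchored occurrence in auditd.conf would put a second value into `GROUP`, and how the rest of the script uses it lies outside the hunk. Anchoring the extraction the same way keeps guard and lookup in agreement: `GROUP=$(awk -F "=" '/^log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')`. The file_permissions_var_log_audit/bash/shared.sh hunk carries the same two lines.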
--git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml +index e495992e..2389df1f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit/rule.yml +@@ -33,7 +33,7 @@ references: + cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 +- stigid@rhel8: RHEL-08-030080 ++ stigid@almalinux8: RHEL-08-030080 + + ocil: |- + {{{ describe_file_owner(file="/var/log/audit", owner="root") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +index d6c45867..17a30a70 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + + if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then + GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git 
a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +index eae8a2df..19e2cf09 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' + +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,APO11.04,APO12.06,BAI03.05,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,DSS06.02,MEA02.01 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.16.1.4,A.16.1.5,A.16.1.7,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,19,3,4,5,6,7,8 +- stigid@rhel8: RHEL-08-030070 ++ stigid@almalinux8: RHEL-08-030070 + + ocil_clause: 'any are more permissive' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +index b3f245c9..9377f247 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +@@ -1,11 +1,11 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 
4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+ # disruption = low
+ {{{ ansible_instantiate_variables("var_audispd_remote_server") }}}
+
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}}
+ {{% else %}}
+ {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}}
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+index 0e3d32fd..9eedc5a5 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+@@ -1,8 +1,8 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ .
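Review bot: The product list in `{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}` is maintained by hand in every file of this rule (the Ansible task here, then bash/shared.sh, oval/shared.xml and twice in rule.yml) and again in the auditd_audispd_encrypt_sent_records files. If one copy is missed, the OVAL check and the remediation resolve different `audisp-remote.conf` paths for the same product, and the scan result stops describing the file the remediation wrote. Defining the path once per product and referencing it from all templates would remove that coupling. Failing that, a comment beside each list, for example `# keep this product list in sync with bash/shared.sh, oval/shared.xml and rule.yml`, makes it visible to the next person adding a product.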
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_audispd_remote_server") }}}
+
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ AUDITCONFIG=/etc/audit/audisp-remote.conf
+ {{% else %}}
+ AUDITCONFIG=/etc/audisp/audisp-remote.conf
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml
+index 8fa77047..4faca2da 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml
+@@ -1,4 +1,4 @@
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}}
+ {{% else %}}
+ {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}}
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
+index c19af71b..1ef76084 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Configure audispd Plugin To Send Logs To Remote Server'
+
+@@ -8,7 +8,7 @@ description: |-
+
Configure the audispd plugin to off-load audit records onto a different
+ system or media from the system being audited.
+ Set the <tt>remote_server</tt> option in <pre>
+-{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
++{{%- if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}}
+ /etc/audit/audisp-remote.conf
+ {{%- else -%}}
+ /etc/audisp/audisp-remote.conf
+@@ -42,11 +42,10 @@ ocil_clause: 'audispd is not sending logs to a remote system'
+ ocil: |-
+ To verify the audispd plugin off-loads audit records onto a different system or
+ media from the system being audited, run the following command:
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ <pre>$ sudo grep -i remote_server /etc/audit/audisp-remote.conf</pre>
+ {{% else %}}
+ <pre>$ sudo grep -i remote_server /etc/audisp/audisp-remote.conf</pre>
+ {{% endif %}}
+ The output should return something similar to
+ <pre>remote_server = <i>{{{ xccdf_value("var_audispd_remote_server") }}}</i></pre>
+-
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+index f3401af3..dc069b05 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+
+ .
$SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+index 29cf6015..61a9640e 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+index d3bf2845..2cf0d67d 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12
+
+ title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full'
+
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+index 344ff384..fda02e3f 100644
+---
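Review bot: No check or remediation file of auditd_audispd_disk_full_action is touched alongside this `prodtype` change, although the neighbouring auditd_audispd_configure_remote_server and auditd_audispd_encrypt_sent_records rules each needed `almalinux8` added to the list that selects `/etc/audit/audisp-remote.conf`. Those files are outside this view, so this is something to confirm rather than a finding. If they choose the path by product, or hard-code `/etc/audisp/audisp-remote.conf`, the AlmaLinux 8 content would check and remediate a different file from the one its sibling rules use. A one-line comment in rule.yml naming the configuration path the rule expects on AlmaLinux 8 would document the intent.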
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh +@@ -1,7 +1,7 @@ + # platform = multi_platform_wrlinux,multi_platform_all + . /usr/share/scap-security-guide/remediation_functions + +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + AUDISP_REMOTE_CONFIG="/etc/audit/audisp-remote.conf" + option="^transport" + value="KRB5" +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml +index 1e21e071..04f841d1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml +@@ -1,6 +1,6 @@ + <def-group> + <definition class="compliance" id="auditd_audispd_encrypt_sent_records" version="1"> +- {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++ {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + {{{ oval_metadata("transport setting in /etc/audit/audisp-remote.conf is set to 'KRB5'") }}} + {{% else %}} + {{{ oval_metadata("enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'") }}} +@@ -17,14 +17,14 @@ + </ind:textfilecontent54_test> + + <ind:textfilecontent54_object id="object_auditd_audispd_encrypt_sent_records" version="1"> +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + <ind:filepath>/etc/audit/audisp-remote.conf</ind:filepath> + {{% else %}} + <ind:filepath>/etc/audisp/audisp-remote.conf</ind:filepath> + {{% 
endif %}} + <!-- Allow only space (exactly) as delimiter --> + <!-- Require at least one space before and after the equal sign --> +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + <ind:pattern operation="pattern match">^[ ]*transport[ ]+=[ ]+KRB5[ ]*$</ind:pattern> + {{% else %}} + <ind:pattern operation="pattern match">^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$</ind:pattern> +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +index 1943a00f..fc7380b7 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +@@ -1,13 +1,13 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Encrypt Audit Records Sent With audispd Plugin' + + description: |- + Configure the operating system to encrypt the transfer of off-loaded audit + records onto a different system or media from the system being audited. +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + Set the <tt>transport</tt> option in <pre>/etc/audit/audisp-remote.conf</pre> + to <tt>KRB5</tt>. 
+ {{% else %}} +@@ -26,7 +26,7 @@ severity: medium + identifiers: + cce@rhel7: CCE-80540-8 + cce@rhel8: CCE-80926-9 +- cce@sle12: CCE-83063-8 ++ cce@sle12: CCE-83063-8 + + references: + stigid@ol7: OL07-00-030310 +@@ -34,7 +34,7 @@ references: + nist: AU-9(3),CM-6(a) + srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 + stigid@rhel7: RHEL-07-030310 +- stigid@sle12: SLES-12-030340 ++ stigid@sle12: SLES-12-030340 + ospp: FAU_GEN.1.1.c + + ocil_clause: 'audispd is not encrypting audit records when sent over the network' +@@ -42,7 +42,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network + ocil: |- + To verify the audispd plugin encrypts audit records off-loaded onto a different + system or media from the system being audited, run the following command: +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + <pre>$ sudo grep -i transport /etc/audit/audisp-remote.conf</pre> + The output should return the following: + <pre>transport = KRB5</pre> +@@ -51,4 +51,3 @@ ocil: |- + The output should return the following: + <pre>enable_krb5 = yes</pre> + {{% endif %}} +- +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh +index 9b2f37fd..4f7164e3 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + . 
$SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh +index 8933828d..75fe1ce1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + . $SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh +index 5d6fb974..a8e33c70 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + . 
$SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh +index 7d594d64..5d1ae6e8 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + . $SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +index f756e479..c0b4f1ce 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Configure audispd''s Plugin network_failure_action On Network Failure' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml +index 56611725..5e7c5327 100644 +--- 
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml +@@ -6,7 +6,7 @@ + + - name: enable syslog plugin + lineinfile: +- {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}} ++ {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}} + dest: /etc/audit/plugins.d/syslog.conf + {{%- else -%}} + dest: /etc/audisp/plugins.d/syslog.conf +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh +index 6f2b49d4..7b0d6072 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh +@@ -2,7 +2,7 @@ + . 
/usr/share/scap-security-guide/remediation_functions + var_syslog_active="yes" + +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + AUDISP_SYSLOGCONFIG=/etc/audit/plugins.d/syslog.conf + {{% else %}} + AUDISP_SYSLOGCONFIG=/etc/audisp/plugins.d/syslog.conf +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml +index 834225ca..6c4ff9cd 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml +@@ -1,6 +1,6 @@ + <def-group> + <definition class="compliance" id="auditd_audispd_syslog_plugin_activated" version="1"> +- {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "fedora", "ol8", "rhv4"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}} ++ {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}} + + <criteria> + <criterion comment="active setting in syslog.conf" test_ref="test_auditd_audispd_syslog_plugin_activated" /> +@@ -13,7 +13,7 @@ + </ind:textfilecontent54_test> + + <ind:textfilecontent54_object id="object_auditd_audispd_syslog_plugin_activated" version="1"> +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + <ind:filepath>/etc/audit/plugins.d/syslog.conf</ind:filepath> + {{% else %}} + <ind:filepath>/etc/audisp/plugins.d/syslog.conf</ind:filepath> +diff --git 
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml +index c42c90a8..b728269f 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml +@@ -6,7 +6,7 @@ description: |- + To configure the <tt>auditd</tt> service to use the + <tt>syslog</tt> plug-in of the <tt>audispd</tt> audit event multiplexor, set + the <tt>active</tt> line in <tt> +-{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}} ++{{%- if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}} + /etc/audit/plugins.d/syslog.conf + {{%- else -%}} + /etc/audisp/plugins.d/syslog.conf +@@ -48,10 +48,9 @@ ocil_clause: 'it is not activated' + + ocil: |- + To verify the audispd's syslog plugin is active, run the following command: +-{{% if product in ["rhel8", "fedora", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "rhv4", "almalinux8"] %}} + <pre>$ sudo grep active /etc/audit/plugins.d/syslog.conf</pre> + {{% else %}} + <pre>$ sudo grep active /etc/audisp/plugins.d/syslog.conf</pre> + {{% endif %}} + If the plugin is active, the output will show <tt>yes</tt>. 
+- +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh +index e2df674c..d71a83db 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + # remediation = bash + + . $SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh +index b05ad85b..d03bbb3d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + # remediation = bash + + . 
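Review bot: The product list on the `ocil` check in this hunk, `["rhel8", "fedora", "rhv4", "almalinux8"]`, omits `"ol8"`, while the description hunk of the same rule.yml and the bash, Ansible and OVAL templates for this rule all use `["rhel8", "fedora", "ol8", "rhv4", "almalinux8"]`. For ol8 the manual verification text would therefore point at `/etc/audisp/plugins.d/syslog.conf` while the automated check reads `/etc/audit/plugins.d/syslog.conf`. The omission predates this patch, but since the line is being edited anyway it could be aligned: `{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}`. The `ocil` block starts above the hunk.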
$SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh +index 151f2aff..3cb652bf 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + # remediation = bash + + . $SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +index 06f4a10c..ba788edb 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +index 2b17ddd8..bccaaab8 100644 +--- 
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml +index 8e6836ae..4c7e458a 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml +@@ -34,7 +34,7 @@ references: + cobit5: APO11.04,APO12.06,APO13.01,BAI03.05,BAI04.04,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,MEA02.01 + iso27001-2013: A.12.1.3,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.16.1.4,A.16.1.5,A.16.1.7,A.17.2.1 + cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 +- stigid@rhel8: RHEL-08-030040 ++ stigid@almalinux8: RHEL-08-030040 + srg: SRG-OS-000047-GPOS-00023 + + ocil_clause: 'the system is not configured to switch to single-user mode for corrective action' +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +index 61cc4751..7f66a5c1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml ++++ 
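Review bot: The `stigid@rhel8: RHEL-08-030040` reference is renamed to `stigid@almalinux8` instead of being kept alongside it, so the rule no longer carries a STIG ID for rhel8 even though rhel8 remains in the prodtype and product lists elsewhere in this patch. If rhel8 content is still built from this tree, scan results for it would lose the STIG cross-reference; keeping both lines, `stigid@rhel8: RHEL-08-030040` and `stigid@almalinux8: RHEL-08-030040`, avoids that. The same replacement appears in the rule.yml hunks for auditd_data_disk_full_action (RHEL-08-030060), auditd_data_retention_action_mail_acct (RHEL-08-030020) and auditd_data_retention_max_log_file_action (RHEL-08-030050). The value is still a RHEL 8 STIG identifier, so a short comment saying it is inherited from the RHEL 8 STIG would help whoever reads the resulting report. The `references:` mapping begins above the hunk.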
b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +index b136cc1a..47d47eb7 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml +index 6b7dddb0..e9044642 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml +@@ -41,7 +41,7 @@ references: + srg@sle12: SRG-OS-000047-GPOS-00023 + disa@sle12: CCI-000140 + nist@sle12: AU-5(b),AU-5.1(iv) +- stigid@rhel8: RHEL-08-030060 ++ stigid@almalinux8: RHEL-08-030060 + srg: SRG-OS-000047-GPOS-00023 + + ocil_clause: 'the system is not configured to switch to single-user mode for corrective action' +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +index b82e6d17..717e52b9 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +index 
ac78fe87..5fcd1604 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +index 8325306a..fce1cff3 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +@@ -43,7 +43,7 @@ references: + srg@sle12: SRG-OS-000046-GPOS-00022 + disa@sle12: CCI-000139 + nist@sle12: AU-5(a),AU-5.1(ii) +- stigid@rhel8: RHEL-08-030020 ++ stigid@almalinux8: RHEL-08-030020 + + ocil_clause: 'auditd is not configured to send emails per identified actions' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +index 93d076fa..02b862b9 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml ++++ 
b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +index 0c23a906..4b96b471 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + . 
/usr/share/scap-security-guide/remediation_functions + + {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +index f909e5ec..72f7c8c4 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +index efe151c6..88fb23c1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_flush") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +index 8b889b9d..76af1fca 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure auditd flush priority' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +index 9817ba88..1a718d62 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh ++++ 
b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +index 2dc2791e..eb6d3368 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +index dadc03e8..ae2b6248 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation 
= bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +index 741e5487..453786c9 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +index fb0da2f5..3206a5a3 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +index 9a930ab2..0b4e4944 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh ++++ 
b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +index 65c77aa3..2440e259 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +index 9f405890..ceda723b 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +index 595959e0..28abf5c2 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +index 42f987dd..8e13a71d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . 
/usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
+
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+index 07c21ca5..8a377220 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+@@ -44,7 +44,7 @@ references:
+ isa-62443-2009: 4.2.3.10,4.3.3.3.9,4.3.3.5.8,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
+ cobit5: APO11.04,APO12.06,APO13.01,BAI03.05,BAI04.04,BAI08.02,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS05.04,DSS05.07,MEA02.01
+ cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8
+- stigid@rhel8: RHEL-08-030050
++ stigid@almalinux8: RHEL-08-030050
+ srg: SRG-OS-000047-GPOS-00023
+
+ ocil_clause: 'the system has not been properly configured to rotate audit logs'
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+index 6fe9e014..7b15c894 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git
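Review bot: The `stigid@rhel8: RHEL-08-030050` key is replaced rather than supplemented in the `references:` hunk of auditd_data_retention_max_log_file_action/rule.yml, so a rhel8 build from this tree would presumably no longer carry the DISA STIG ID for this audit-retention rule and its scan results would lose that traceability. Keeping the existing line and adding `stigid@almalinux8: RHEL-08-030050` beside it preserves both mappings. The same replacement appears in the other rule.yml hunks visible here (auditd_data_retention_space_left, auditd_local_events, auditd_log_format, auditd_name_format, grub2_audit_argument, grub2_audit_backlog_limit_argument and audit_immutable_login_uids). The references block starts and ends outside the hunk.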
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +index ab0bea58..a6158699 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +index 9b79489b..1315f39b 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_space_left") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +index 7d845954..545f255d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Configure auditd space_left on Low Disk Space' + +@@ -43,7 +43,7 @@ references: + srg@sle12: SRG-OS-000343-GPOS-00134 + disa@sle12: CCI-001855 + nist@sle12: AU-5(1) +- stigid@rhel8: RHEL-08-030730 ++ stigid@almalinux8: RHEL-08-030730 + + ocil_clause: 'the system is not configured a specfic size in MB to notify administrators of an issue' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +index 04062e34..3b30d2ea 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +index 1d2b211c..d7fdf9be 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- 
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml +index 5afb2c8f..19d74967 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml +@@ -21,7 +21,7 @@ identifiers: + references: + ospp: FAU_GEN.1.1.c + srg: SRG-OS-000062-GPOS-00031 +- stigid@rhel8: RHEL-08-030061 ++ stigid@almalinux8: RHEL-08-030061 + + ocil_clause: local_events isn't set to yes + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git 
a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml +index 76d31a6f..64ed5573 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml +@@ -22,7 +22,7 @@ identifiers: + references: + ospp: FAU_GEN.1 + srg: SRG-OS-000255-GPOS-00096 +- stigid@rhel8: RHEL-08-030063 ++ stigid@almalinux8: RHEL-08-030063 + + ocil_clause: log_format isn't set to ENRICHED + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml +index a778d5fa..6e203408 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml +@@ -25,7 +25,7 @@ references: + disa: CCI-001851 + ospp: FAU_GEN.1 + srg: SRG-OS-000039-GPOS-00017,SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224 +- stigid@rhel8: RHEL-08-030062 ++ 
stigid@almalinux8: RHEL-08-030062 + + ocil_clause: name_format isn't set to hostname + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +index ed780837..63e7015d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var +index bcafc35b..9e8abe6c 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var +@@ -3,7 +3,7 @@ documentation_complete: true + title: 'Remote server for audispd to send audit records' + + description: |- +-{{% if product in ["rhel8", "fedora"] %}} ++{{% if product in ["rhel8", "fedora", "almalinux8"] %}} + The setting for remote_server in /etc/audit/audisp-remote.conf + {{% else %}} + The setting for remote_server in /etc/audisp/audisp-remote.conf +diff --git a/linux_os/guide/system/auditing/group.yml b/linux_os/guide/system/auditing/group.yml +index 82f87e81..a6371326 100644 +--- a/linux_os/guide/system/auditing/group.yml ++++ b/linux_os/guide/system/auditing/group.yml +@@ -37,11 +37,7 @@ description: |- + requirements. 
+ Examining some example audit records demonstrates how the Linux audit system
+ satisfies common requirements.
+- The following example from Fedora Documentation available at
+- <tt>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html#sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages") }}}</tt>
+- shows the substantial amount of information captured in a
+- two typical "raw" audit messages, followed by a breakdown of the most important
+- fields. In this example the message is SELinux-related and reports an AVC
++ In this example the message is SELinux-related and reports an AVC
+ denial (and the associated system call) that occurred when the Apache HTTP
+ Server attempted to access the <tt>/var/www/html/file1</tt> file (labeled with
+ the <tt>samba_share_t</tt> type):
+@@ -103,4 +99,3 @@ description: |-
+ </li></ul>
+
+ platform: machine
+-
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+index d033770f..12be1fad 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
+
+@@ -45,7 +45,7 @@ references:
+ iso27001-2013: A.11.2.6,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.2.1,A.14.1.3,A.15.2.1,A.15.2.2,A.16.1.4,A.16.1.5,A.16.1.7,A.6.2.1,A.6.2.2
+ cis-csc: 1,11,12,13,14,15,16,19,3,4,5,6,7,8
+ srg: SRG-OS-000254-GPOS-00095
+- stigid@rhel8: RHEL-08-030601
++ stigid@almalinux8: RHEL-08-030601
+
+ ocil_clause: 'auditing is not enabled at boot time'
+
+@@ -96,9 +96,9 @@ warnings:
+ <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li>
+ <li>On UEFI-based machines, issue the following command as <tt>root</tt>:
+ {{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}}
+- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li>
++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>
+ {{% else %}}
+- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li>
++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>
+ {{% endif %}}
+ </ul>
+
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
+index dfffe3a7..1526a372 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ # Removes audit argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
+index 9823b08d..4522a4c6 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+index 556b82c4..fa266b77 100644
+---
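Review bot: Both branches of the `{{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}}` block in the `warnings:` hunk now print `/boot/efi/EFI/almalinux/grub.cfg`, so the conditional no longer distinguishes anything and RHEL, Oracle Linux and Fedora content built from this tree would tell administrators to regenerate grub.cfg under the AlmaLinux EFI directory; a config written there is presumably not the one those systems boot from, leaving `audit=1` unapplied. Keeping the two original paths and adding a dedicated branch, `{{% elif product in ["almalinux8"] %}}` followed by `<pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>`, gives each product its own path. The `@@ -54,9 +54,9 @@` hunk of grub2_audit_backlog_limit_argument/rule.yml has the same problem for `audit_backlog_limit`. The warnings text starts outside the hunk.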
a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ # Break the audit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+index 59f1ed22..e9cac86b 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ # Break the audit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+index 27e19e7c..cc40510b 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15
+
+ title: 'Extend Audit Backlog Limit for the Audit Daemon'
+
+@@ -27,7 +27,7 @@ references:
+ srg: SRG-OS-000254-GPOS-00095
+ nist: CM-6(a)
+ cis@rhel8: 4.1.1.4
+- stigid@rhel8: RHEL-08-030602
++ stigid@almalinux8: RHEL-08-030602
+
+ ocil_clause: 'audit backlog limit is not configured'
+
+@@ -54,9 +54,9 @@ warnings:
+ <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li>
+ <li>On UEFI-based machines, issue the following command as <tt>root</tt>:
+ {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}
+- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li>
++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>
+ {{% else %}}
+- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li>
++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>
+ {{% endif %}}
+ </ul>
+
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+index 3648f215..1db7652a 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+index 921c9db9..d54cf31e 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ # Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+index 8ed5af70..f448e8e3 100644
+---
a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml ++++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install audispd-plugins Package' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +index a11fe8e7..cadd6b43 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +index 458ac7e0..91d95484 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of unsuccessful file accesses' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +index d4e767f0..e0f28eed 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml ++++ 
b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +index 06461871..9d11af17 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful file accesses' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +index 6991012e..d64f936a 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +index cce5e83f..01125937 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml 
+@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4,rhcos4 + + title: 'Configure basic parameters of Audit system' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +index 2183f473..a77b9b9c 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +index 92800b47..f4c64daa 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of unsuccessful file creations' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +index 59db7b10..e0f89068 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful file creations' + +diff --git 
a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +index 17ba8b31..d4198635 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +index 2f67a150..402cc6e9 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of unsuccessful file deletions' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +index 2b34b1ea..783f64cb 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F 
key=successful-delete +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +index f54899fb..afae21b8 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful file deletions' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +index 95e6a2e6..4513e314 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +index 073f29c9..7fd6d37b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure immutable Audit login UIDs' + +@@ -37,7 +37,7 @@ references: + ospp: FAU_GEN.1.1.c + nist: AU-2(a) + srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220 +- stigid@rhel8: RHEL-08-030122 ++ 
stigid@almalinux8: RHEL-08-030122 + + ocil_clause: 'the file does not exist or the content differs' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +index 3bdfdf8d..6a749287 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +index 51f9d76f..b17430b0 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4,rhcos4 + + title: 'Configure auditing of unsuccessful file modifications' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +index 430d311e..9b41639f 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff 
--git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +index b51acc04..61d188ba 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful file modifications' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +index f3fc0dfe..8be58e06 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +index 20bfca83..7765bbb8 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4,rhcos4 + + title: 'Configure auditing of loading and unloading of kernel modules' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +index d59066cc..d5f6a099 100644 +--- 
a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +index fbf7473c..8a689516 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4,rhcos4 + + title: 'Perform general configuration of Audit for OSPP' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +index b0052f8b..3ed378c2 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of unsuccessful ownership changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +index 3657a32f..e8b48130 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: 
true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful ownership changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +index 477c7428..24d60623 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of unsuccessful permission changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +index 53ecf9d5..c193d45b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure auditing of successful permission changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/bash/shared.sh b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/bash/shared.sh +index a3bf5607..be1129db 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/bash/shared.sh ++++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + cp /usr/share/doc/audit*/rules/10-base-config.rules /etc/audit/rules.d + cp /usr/share/doc/audit*/rules/11-loginuid.rules 
/etc/audit/rules.d +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +index 26e7016c..33af252a 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4 + + title: 'Configure audit according to OSPP requirements' + +diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +index 2ab43f2b..71cf219a 100644 +--- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +index d09446bd..86f0ceb1 100644 +--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml ++++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +@@ -52,7 +52,7 @@ references: + srg@sle12: 
SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000392-GPOS-00172,SRG-OS-000480-GPOS-00227 + disa@sle12: CCI-000130,CCI-000131,CCI-000132,CCI-000133,CCI-000134,CCI-000135,CCI-000154,CCI-000158,CCI-000366,CCI-001464,CCI-001487,CCI-001876,CCI-002884 + nist@sle12: AU-3,AU-3(1),AU-3(1).1(ii),AU-3.1,AU-6(4),AU-6(4).1,AU-7(1),AU-7(1).1,AU-7(a),AU-14(1),AU-14(1).1,CM-6(b),CM-6.1(iv),MA-4(1)(a) +- stigid@rhel8: RHEL-08-010560 ++ stigid@almalinux8: RHEL-08-010560 + + ocil: '{{{ ocil_service_enabled(service="auditd") }}}' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +index 89ffe074..288b83a0 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'Configure kernel to trust the CPU random number generator' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +index e3b63d96..e1e10d72 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + + title: 'Enable Kernel Page-Table Isolation (KPTI)' + +@@ -25,7 +25,7 @@ identifiers: + references: + srg: SRG-OS-000433-GPOS-00193 + nist: SI-16 +- stigid@rhel8: RHEL-08-040004 ++ stigid@almalinux8: RHEL-08-040004 + + ocil_clause: 'Kernel page-table 
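Review bot: The `references:` hunk of service_auditd_enabled/rule.yml renames the `stigid@rhel8` key to `stigid@almalinux8` instead of adding a second key, so a RHEL 8 build from this tree would lose the STIG mapping for RHEL-08-010560. Keep the original line and add `stigid@almalinux8: RHEL-08-010560` beneath it, which preserves traceability for both products. The same rename appears in the references hunks of grub2_pti_argument, grub2_vsyscall_argument, grub2_password and grub2_uefi_password. The rule file continues outside the hunk, so whether another rhel8 reference survives elsewhere is not visible here.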
isolation is not enabled' + +@@ -52,9 +52,9 @@ warnings: + <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li> + <li>On UEFI-based machines, issue the following command as <tt>root</tt>: + {{% if product in ["rhel8", "ol8"] %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% else %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% endif %}} + </ul> + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh +index f9b42970..2f0e238f 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Removes pti argument from kernel command line in /boot/grub2/grubenv + file="/boot/grub2/grubenv" +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh +index dfebbbf7..25a0020c 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) pti=on" +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh +index 
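Review bot: In the `warnings:` hunk of grub2_pti_argument/rule.yml both arms of `{{% if product in ["rhel8", "ol8"] %}}` now print `/boot/efi/EFI/almalinux/grub.cfg`, so the conditional no longer selects anything. RHEL, OL and Fedora readers are pointed at a directory their systems presumably do not have, and an administrator following the text may regenerate grub.cfg in the wrong place, so the hardened kernel argument never reaches the configuration that boots. Leave the redhat and fedora lines as they were and add a branch: `{{% elif product == "almalinux8" %}}` followed by `<pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>`. The same overwrite is in the warnings hunk of grub2_vsyscall_argument/rule.yml and in the description or ocil text of grub2_uefi_admin_username, grub2_uefi_password and uefi_no_removeable_media.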
b4dd962b..c4092a2d 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Break the pti argument in kernel command line in /boot/grub2/grubenv + file="/boot/grub2/grubenv" +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +index b0904920..89b83462 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable vsyscalls' + +@@ -24,7 +24,7 @@ identifiers: + references: + srg: SRG-OS-000480-GPOS-00227 + nist: CM-7(a) +- stigid@rhel8: RHEL-08-010422 ++ stigid@almalinux8: RHEL-08-010422 + + ocil_clause: 'vsyscalls are enabled' + +@@ -51,9 +51,9 @@ warnings: + <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li> + <li>On UEFI-based machines, issue the following command as <tt>root</tt>: + {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% else %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% endif %}} + </ul> + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +index 85ef10db..fe45409c 100644 +--- 
a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +index dcd00e18..577d4bd1 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +index bd4f85bc..4a017d02 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg Permissions' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +index 4b04936e..e53066bd 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Set the Boot Loader Admin Username to a Non-Default Value' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml +index 5b2846ec..94a9a1cd 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Boot Loader Is Not Installed On Removeable Media' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 92129ab7..d064f632 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Set Boot Loader Password in grub2' + +@@ -63,7 +63,7 @@ references: + iso27001-2013: A.18.1.4,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,14,15,16,18,3,5 + anssi: BP28(R17) +- stigid@rhel8: RHEL-08-010150 ++ stigid@almalinux8: RHEL-08-010150 + + ocil_clause: 'it does not' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +index 4d9fdf54..a7799d37 100644 +--- 
a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +@@ -1,20 +1,20 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' + + description: |- + {{%- if product == "fedora" %}} +- The file <tt>/boot/efi/EFI/fedora/grub.cfg</tt> should ++ The file <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should + be group-owned by the <tt>root</tt> group to prevent + destruction or modification of the file. +- {{{ describe_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}} ++ {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{% else %}} +- The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should ++ The file <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should + be group-owned by the <tt>root</tt> group to prevent + destruction or modification of the file. 
+- {{{ describe_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}} ++ {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{%- endif %}} + + rationale: |- +@@ -39,16 +39,16 @@ references: + + ocil_clause: |- + {{%- if product == "fedora" %}} +- {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}} ++ {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{% else %}} +- {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}} ++ {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{%- endif %}} + + ocil: |- + {{%- if product == "fedora" %}} +- {{{ ocil_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}} ++ {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{% else %}} +- {{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}} ++ {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}} + {{%- endif %}} + + platform: machine +@@ -56,6 +56,6 @@ platform: machine + template: + name: file_groupowner + vars: +- filepath: /boot/efi/EFI/redhat/grub.cfg +- filepath@fedora: /boot/efi/EFI/fedora/grub.cfg ++ filepath: /boot/efi/EFI/almalinux/grub.cfg ++ filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg + filegid: '0' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +index a9f498ed..f0f979ce 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +@@ -1,20 +1,20 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Verify the UEFI Boot Loader 
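Review bot: The `template:` hunk of file_groupowner_efi_grub2_cfg/rule.yml sets both `filepath` and `filepath@fedora` to `/boot/efi/EFI/almalinux/grub.cfg`, which changes what the generated check inspects for every product, not only AlmaLinux. On a RHEL, OL or Fedora build the group-owner check would presumably evaluate a path that is absent, leaving the real grub.cfg unverified. Keep the two existing lines and add `filepath@almalinux8: /boot/efi/EFI/almalinux/grub.cfg`, following the `@product` override form already used for fedora. The `vars:` hunks of file_owner_efi_grub2_cfg and file_permissions_efi_grub2_cfg carry the same change.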
grub.cfg User Ownership' + + description: |- + {{%- if product == "fedora" %}} +- The file <tt>/boot/efi/EFI/fedora/grub.cfg</tt> should ++ The file <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should + be owned by the <tt>root</tt> user to prevent destruction + or modification of the file. +- {{{ describe_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}} ++ {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{% else %}} +- The file <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should ++ The file <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should + be owned by the <tt>root</tt> user to prevent destruction + or modification of the file. +- {{{ describe_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}} ++ {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{%- endif %}} + + rationale: 'Only root should be able to modify important boot parameters.' +@@ -37,16 +37,16 @@ references: + + ocil_clause: |- + {{%- if product == "fedora" %}} +- {{{ ocil_clause_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}} ++ {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{% else %}} +- {{{ ocil_clause_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}} ++ {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{%- endif %}} + + ocil: |- + {{%- if product == "fedora" %}} +- {{{ ocil_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}} ++ {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{% else %}} +- {{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}} ++ {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}} + {{%- endif %}} + + platform: machine +@@ -54,6 +54,6 @@ platform: machine + template: + name: file_owner + vars: +- filepath: /boot/efi/EFI/redhat/grub.cfg +- filepath@fedora: 
/boot/efi/EFI/fedora/grub.cfg ++ filepath: /boot/efi/EFI/almalinux/grub.cfg ++ filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg + fileuid: '0' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +index 1019d9ba..644ae437 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +@@ -1,16 +1,16 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Verify the UEFI Boot Loader grub.cfg Permissions' + + description: |- + {{%- if product == "fedora" %}} +- File permissions for <tt>/boot/efi/EFI/fedora/grub.cfg</tt> should be set to 700. +- {{{ describe_file_permissions(file="/boot/efi/EFI/fedora/grub.cfg", perms="700") }}} ++ File permissions for <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should be set to 700. ++ {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}} + {{% else %}} +- File permissions for <tt>/boot/efi/EFI/redhat/grub.cfg</tt> should be set to 700. +- {{{ describe_file_permissions(file="/boot/efi/EFI/redhat/grub.cfg", perms="700") }}} ++ File permissions for <tt>/boot/efi/EFI/almalinux/grub.cfg</tt> should be set to 700. 
++ {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}} + {{%- endif %}} + + rationale: |- +@@ -35,11 +35,11 @@ ocil_clause: 'it does not' + + ocil: |- + {{%- if product == "fedora" %}} +- To check the permissions of /boot/efi/EFI/fedora/grub.cfg, run the command: +- <pre>$ sudo ls -lL /boot/efi/EFI/fedora/grub.cfg</pre> ++ To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command: ++ <pre>$ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg</pre> + {{% else %}} +- To check the permissions of /boot/efi/EFI/redhat/grub.cfg, run the command: +- <pre>$ sudo ls -lL /boot/efi/EFI/redhat/grub.cfg</pre> ++ To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command: ++ <pre>$ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg</pre> + {{%- endif %}} + If properly configured, the output should indicate the following + permissions: <tt>-rwx------</tt> +@@ -49,6 +49,6 @@ platform: machine + template: + name: file_permissions + vars: +- filepath: /boot/efi/EFI/redhat/grub.cfg +- filepath@fedora: /boot/efi/EFI/fedora/grub.cfg ++ filepath: /boot/efi/EFI/almalinux/grub.cfg ++ filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg + filemode: '0700' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml +index 8545e8ab..9583e7fe 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml +@@ -1,7 +1,7 @@ + {{% if product == "fedora" %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% else %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% endif %}} + + <def-group> +diff --git 
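Review bot: In grub2_uefi_admin_username/oval/shared.xml both branches of the `product == "fedora"` test now assign `grub_cfg_prefix = "/boot/efi/EFI/almalinux"`, so the OVAL definition built for Fedora, RHEL or OL would look for the superuser setting under a directory those systems presumably lack. Depending on how the tests treat a missing file, that can surface as a false failure or as a check that never inspects the real grub.cfg. Restore the two original assignments and add `{{% elif product == "almalinux8" %}}` with `{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}` between them. The identical edit is in grub2_uefi_password/oval/shared.xml and uefi_no_removeable_media/oval/shared.xml. The `<def-group>` body that consumes the prefix lies outside the hunk.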
a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +index ea5c80f1..bc0067ed 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value' + +@@ -20,17 +20,10 @@ description: |- + Once the superuser account has been added, + update the + <tt>grub.cfg</tt> file by running: +- <pre>grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre> ++ <pre>grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre> + + rationale: |- + Having a non-default grub superuser username makes password-guessing attacks less effective. +- {{% if product == "rhel7" %}} +- For more information on how to configure the grub2 superuser account and password, +- please refer to +- <ul> +- <li>{{{ weblink(link="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-working_with_the_grub_2_boot_loader#sec-Protecting_GRUB_2_with_a_Password") }}}</li>. 
+- </ul> +- {{% endif %}} + + severity: low + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml +index 230aab73..5c728f6b 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml +@@ -1,7 +1,7 @@ + {{% if product == "fedora" %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% else %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% endif %}} + + <def-group> +@@ -31,7 +31,7 @@ + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> + +- <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" id="test_grub2_uefi_password_usercfg" version="1"> ++ <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" id="test_grub2_uefi_password_usercfg" version="1"> + <ind:object object_ref="object_grub2_uefi_password_usercfg" /> + </ind:textfilecontent54_test> + <ind:textfilecontent54_object id="object_grub2_uefi_password_usercfg" version="1"> +@@ -40,7 +40,7 @@ + <ind:instance datatype="int">1</ind:instance> + </ind:textfilecontent54_object> + +- <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/redhat/grub.cfg" id="test_grub2_uefi_password_grubcfg" version="1"> ++ <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/almalinux/grub.cfg" id="test_grub2_uefi_password_grubcfg" version="1"> + <ind:object object_ref="object_grub2_uefi_password_grubcfg" /> 
+ </ind:textfilecontent54_test> + <ind:textfilecontent54_object id="object_grub2_uefi_password_grubcfg" version="1"> +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index decb94b9..303cd735 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Set the UEFI Boot Loader Password' + +@@ -32,7 +32,7 @@ description: |- + {{% if product == "sle12" %}} + <pre>grub2-mkconfig -o /boot/efi/EFI/sles/grub.cfg</pre> + {{% else %}} +- <pre>grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre> ++ <pre>grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre> + {{% endif %}} + + rationale: |- +@@ -67,7 +67,7 @@ references: + iso27001-2013: A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 11,12,14,15,16,18,3,5 + anssi: BP28(R17) +- stigid@rhel8: RHEL-08-010140 ++ stigid@almalinux8: RHEL-08-010140 + + ocil_clause: 'it does not' + +@@ -91,7 +91,7 @@ ocil: |- + 916F7AB46E0D.1302284FCCC52CD73BA3671C6C12C26FF50BA873293B24EE2A96EE3B57963E6D7 + 0C83964B473EC8F93B07FE749AA6710269E904A9B08A6BBACB00A2D242AD828</pre> + {{% else %}} +- <pre>sudo cat /boot/efi/EFI/redhat/user.cfg</pre> ++ <pre>sudo cat /boot/efi/EFI/almalinux/user.cfg</pre> + The output should be similar to: + <pre>GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC + 2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0 +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml +index 
9ebe7786..c5e4662f 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml +@@ -1,7 +1,7 @@ + {{% if product == "fedora" %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% else %}} +-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}} ++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}} + {{% endif %}} + + <def-group> +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml +index cd1dd721..8fdb9eb6 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'UEFI Boot Loader Is Not Installed On Removeable Media' + +@@ -31,7 +31,7 @@ ocil_clause: 'it is not' + ocil: |- + To verify the system is not configured to use a boot loader on removable media, + run the following command: +- <pre>$ sudo grep "set root='hd0" /boot/efi/EFI/redhat/grub.cfg</pre> ++ <pre>$ sudo grep "set root='hd0" /boot/efi/EFI/almalinux/grub.cfg</pre> + The output should return something similar to: + <pre>set root='hd0,msdos1'</pre> + <tt>usb0</tt>, <tt>cd</tt>, <tt>fd0</tt>, etc. 
are some examples of removeable +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +index c2fb5ba6..96d2f138 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh +index 7a828837..d13ae7f5 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Make sure boot loader entries contain audit=1 + for file in /boot/loader/entries/*.conf +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh +index 3af83d30..28a0af73 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Make sure boot loader entries contain audit=1 + for file in /boot/loader/entries/*.conf +diff --git 
a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh +index 5650cc0a..1ee37320 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Remove audit=1 from all boot entries + sed -Ei 's/(^options.*\s)audit=1(.*?)$/\1\2/' /boot/loader/entries/* +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +index 6548c352..e5e5f421 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +index c3f032d8..6aae1604 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Ensure all zIPL boot entries are BLS compliant' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh +index e3adb996..13e5314b 
100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # remediation = none + + # Make sure no image configured in zipl config file +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh +index 47626442..2a88d2ab 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # remediation = none + + # Make sure no image configured in zipl config file +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml +index 7f2be356..80f8b55f 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/bash/shared.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/bash/shared.sh +index 2310ca06..c728aabe 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/bash/shared.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform 
= Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + /usr/sbin/zipl +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +index 13192cd8..a1e32325 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Ensure zIPL bootmap is up to date' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh +index 728c6b7b..b06f989e 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # remediation = none + + touch /etc/zipl.conf +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh +index 1ae4d631..0f115566 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # remediation = none + + touch /boot/loader/entries/*.conf # Update current existing entries +diff --git 
a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh +index 7981ba8c..8bfdce20 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # remediation = none + + touch /etc/zipl.conf +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +index 261b227d..122ae022 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Ensure SELinux Not Disabled in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +index 42c1c8ae..b28abf5e 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Enable page allocator poisoning in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +index 2f9b04f7..f02be03d 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true 
+ +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Enable SLUB/SLAB allocator poisoning in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +index f90a0fb4..add880cd 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,almalinux8,rhcos4 + + title: 'Disable vsyscalls in zIPL' + +diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml +index 555d53cb..9c53ce53 100644 +--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml ++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure Logwatch HostLimit Line' + +diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml +index 405034e9..c1cab9d3 100644 +--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml ++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure Logwatch SplitHosts Line' + +diff --git a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml 
b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml +index 245b9fa8..60ad4244 100644 +--- a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml ++++ b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Logwatch on Clients if a Logserver Exists' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +index bae2c025..e279577c 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + if ! 
grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then + mkdir -p /etc/rsyslog.d +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +index 5e8f08fd..73792bfa 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure cron Is Logging To Rsyslog' + +@@ -36,7 +36,7 @@ references: + iso27001-2013: A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.15.2.1,A.15.2.2 + cis-csc: 1,14,15,16,3,5,6 + ism: 0988,1405 +- stigid@rhel8: RHEL-08-030010 ++ stigid@almalinux8: RHEL-08-030010 + + ocil_clause: 'cron is not logging to rsyslog' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +index 9e3dd5bc..4f352cd4 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root group-owner log from rules and + # non root group-owner log from $IncludeConfig fails. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +index 5954bffe..fa931512 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh +index d45aa949..16e65401 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root group-owner log from rules and + # non root group-owner log from include() fails. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh +index 8d401167..33d41ce2 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from include() passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh +index 29c36cd9..2a51f6b6 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root group-owner log from rules and + # non root group-owner log from include() fails. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh +index 786a0497..8edd25b1 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from include() passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh +index dd8dbf4d..dcbbc80f 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from multiline include() passes. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +index 85d125d6..9871fd3b 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with non root group-owner in rsyslog.conf fails. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +index 233bf313..1b1fd744 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with root group-owner in rsyslog.conf passes. 
+ +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh +index c7aba8d3..d748f0c3 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root user log from rules and + # non root user log from $IncludeConfig fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh +index c2d09af9..22f71719 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root user log from rules and + # root user log from $IncludeConfig passes. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh +index cee56549..8e6d8185 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root user log from rules and + # non root user log from include() fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh +index 6d0efc3b..ae232ac2 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root user log from rules and + # root user log from include() passes. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh +index 713abe75..999d0b0f 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root user log from rules and + # non root user log from include() fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh +index 8facc53b..796fe420 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root user log from rules and + # root user log from include() passes. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh +index c3a74aa2..7a1a743c 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with root user log from rules and + # root user log from multiline include() passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh +index c9768fc1..2d94ac8d 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with non root user in rsyslog.conf fails. 
+ +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh +index f61f9f63..dd6504a7 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with root user in rsyslog.conf passes. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh +index d9c2f79e..be4b4adc 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # List of log file paths to be inspected for correct permissions + # * Primarily inspect log file paths listed in /etc/rsyslog.conf +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +index 3bb5818d..ffc31bc3 100755 +--- 
a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +index 2ae5c89a..f4133e40 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0601 from $IncludeConfig fails. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh +index 358789c7..ff2e6ce4 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from multiline include() passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh +index 0bd8212e..29c34e67 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from include() passes. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh +index 357d4f97..2f4ea8df 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with log file permisssions 0600 from rules and + # log file permissions 0600 from include() passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh +index 7bdb830c..70025baa 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with log file permisssions 0600 from rules and + # log file permissions 0601 from include() fails. 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh +index fd3f9e92..3b31950c 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0601 from include() fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh +index e5111873..a2ea391f 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with permissions 0600 in rsyslog.conf passes. 
+ +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +index 89d1e26c..7141e0da 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check if log file with permissions 0601 in rsyslog.conf fails. + +diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml +index 4e969a30..42909f3f 100644 +--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml ++++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml +@@ -18,7 +18,7 @@ identifiers: + references: + ospp: FTP_ITC_EXT.1.1 + srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061 +- stigid@rhel8: RHEL-08-030680 ++ stigid@almalinux8: RHEL-08-030680 + + ocil_clause: 'the package is not installed' + +diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml +index 7fb9ee40..db5f7ef1 100644 +--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml ++++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml +@@ -28,7 +28,7 @@ references: + cobit5: APO11.04,BAI03.05,DSS05.04,DSS05.07,MEA02.01 + cis-csc: 1,14,15,16,3,5,6 + srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024 +- stigid@rhel8: RHEL-08-030670 ++ stigid@almalinux8: RHEL-08-030670 + + ocil_clause: 'the 
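Review bot: In the `references:` hunk of package_rsyslog-gnutls_installed/rule.yml the key `stigid@rhel8` is renamed to `stigid@almalinux8` rather than a second key being added, so if the rhel8 product is still built from this tree the rule loses its STIG reference there. The value `RHEL-08-030680` follows the RHEL 8 STIG numbering, so keeping the original line and adding `stigid@almalinux8: RHEL-08-030680` beneath it would preserve audit traceability for both products. The same replacement appears in the rule.yml hunks for package_rsyslog_installed, rsyslog_remote_loghost, service_rsyslog_enabled, service_firewalld_enabled, configure_firewalld_ports and sysctl_net_ipv6_conf_all_accept_ra. The `references:` mapping starts and ends outside each of these hunks.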
package is not installed' + +diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +index fe06b1c2..0bd7b616 100644 +--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server' + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml +index 407e1be3..c85cc237 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh +index 836f0af2..78aba4d8 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 
4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml +index 8d8be95f..2b4c49b4 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml +@@ -58,7 +58,7 @@ references: + cobit5: APO11.04,APO13.01,BAI03.05,BAI04.04,DSS05.04,DSS05.07,MEA02.01 + cis-csc: 1,13,14,15,16,2,3,5,6 + ism: 0988,1405 +- stigid@rhel8: RHEL-08-030690 ++ stigid@almalinux8: RHEL-08-030690 + + ocil_clause: 'none of these are present' + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml +index e8c2ea6f..7fb84760 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + + title: 'Configure TLS for rsyslog remote logging' + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml +index d08374a8..2c84c098 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + + title: 'Configure CA certificate for rsyslog remote logging' + +diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml +index a87d19fc..14374bb0 100644 +--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml ++++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml +@@ -29,7 +29,7 @@ references: + cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO13.01,BAI03.05,BAI04.04,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01 + cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9 + cis@ubuntu2004: 4.2.1.2 +- stigid@rhel8: RHEL-08-010561 ++ stigid@almalinux8: RHEL-08-010561 + srg: SRG-OS-000480-GPOS-00227 + + ocil: '{{{ ocil_service_enabled(service="rsyslog") }}}' +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +index 7aea04c6..00a21cfa 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Install firewalld Package' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +index 818edc3c..fc684c39 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml ++++ 
b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Verify firewalld Enabled' + +@@ -34,7 +34,7 @@ references: + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 + cis@sle15: 3.5.1.4 +- stigid@rhel8: RHEL-08-040100 ++ stigid@almalinux8: RHEL-08-040100 + + ocil: '{{{ ocil_service_enabled(service="firewalld") }}}' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh +index 0a698d3c..951e20e6 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_wrlinux,multi_platform_ol + # reboot = false + # complexity = low + # strategy = configure +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +index 04c7cebc..1e0c330c 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml ++++ 
b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Configure the Firewalld Ports' + +@@ -53,7 +53,7 @@ references: + iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 + cis-csc: 11,12,14,15,3,8,9 + ism: "1416" +- stigid@rhel8: RHEL-08-040030 ++ stigid@almalinux8: RHEL-08-040030 + + ocil_clause: 'the default rules are not configured' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml +index 787eb697..b507337f 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +index 60520b21..168a29c4 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml ++++ 
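Review bot: The new platform header in configure_firewalld_rate_limiting/ansible/shared.yml still lists `multi_platform_ol` twice, a duplicate carried over from the old line. Since the line is being rewritten anyway, it could be reduced to `# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv`. The header uses the product name `AlmaLinux 8` where most other hunks add `multi_platform_almalinux`; that matches the per-version entries already on this line, so it looks deliberate.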
b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Set Default firewalld Zone for Incoming Packets' + +diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +index a72513b7..36b41e1b 100644 +--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Verify Any Configured IPSec Tunnel Connections' + +diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +index d5d4b9bc..025ac83a 100644 +--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install libreswan Package' + +diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml +index 15b66f5d..861426d8 100644 +--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Install iptables Package' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml +index 23dfed41..e90a8c6a 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Manually Assign IPv6 Router Address' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh +index d787fbbb..d209806d 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + # enable randomness in ipv6 address generation + for interface in /etc/sysconfig/network-scripts/ifcfg-* +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml +index 5d554b2c..fad68a9b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml ++++ 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Use Privacy Extensions for Address' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml +index aac0fae4..ca69e4d4 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Manually Assign Global IPv6 Address' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +index f3b2aeea..2080559c 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +index 
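Review bot: Adding `multi_platform_almalinux` to the platform header of sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml marks an OpenShift `MachineConfig` object (`apiVersion: machineconfiguration.openshift.io/v1`) as a remediation for AlmaLinux. Whether the build emits Kubernetes remediations for the almalinux8 product is not visible here; if it does, the generated content would offer a fix that presumably cannot be applied on a standalone AlmaLinux host, and the sysctl would stay unremediated. I would keep this header as `# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora` and rely on the rule's other remediations for AlmaLinux. The same applies to the kubernetes/shared.yml hunks for sysctl_net_ipv6_conf_all_accept_redirects and sysctl_net_ipv6_conf_all_accept_source_route. The `spec:` body continues outside the hunk.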
0b38e2f4..f24a7236 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' + +@@ -27,7 +27,7 @@ references: + cis-csc: 11,14,3,9 + srg: SRG-OS-000480-GPOS-00227 + cis@sle15: 3.3.9 +- stigid@rhel8: RHEL-08-040261 ++ stigid@almalinux8: RHEL-08-040261 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml +index 5b5bfc96..0de99319 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml +index d75989fc..987cdee8 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml +@@ 
-1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml +index 09d263cf..a6fccd67 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +index ede503c0..56a06d0a 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index 9253f723..30e4fd3f 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +index 6d05fa28..2e910c46 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index 8767a522..746b24fa 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 
@@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml +index e7b9455e..fbef57d3 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Auto Configuration on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index 2944e5f4..97b22b95 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml +index 6621abe5..15322ec5 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml ++++ 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml +index d9841fef..976f6de5 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +index 4ec63bd9..87536abe 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +index 167fb59f..c49d18c2 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' + +@@ -27,7 +27,7 @@ references: + cis-csc: 11,14,3,9 + srg: SRG-OS-000480-GPOS-00227 + cis@sle15: 3.3.9 +- stigid@rhel8: RHEL-08-040262 ++ stigid@almalinux8: RHEL-08-040262 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml +index 5cf98305..1aacc692 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml +index d7dad19f..9e1944ef 100644 +--- 
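Review bot: The `references:` hunk replaces `stigid@rhel8: RHEL-08-040262` with `stigid@almalinux8: RHEL-08-040262` instead of adding a second key, while `prodtype` in the same file still lists `rhel8`. Content built for rhel8 from this tree would presumably no longer carry the STIG identifier for this rule, which weakens traceability for anyone auditing a scan result against the STIG. Keeping the original line and adding `stigid@almalinux8: RHEL-08-040262` beside it avoids that. The same replacement appears in the `references:` hunks for sysctl_net_ipv4_conf_all_accept_redirects (RHEL-08-040280), sysctl_net_ipv4_conf_all_accept_source_route (RHEL-08-040240), sysctl_net_ipv4_conf_all_rp_filter (RHEL-08-040285) and sysctl_net_ipv4_conf_default_accept_redirects (RHEL-08-040210).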
a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml +index b6ee0610..fe540252 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +index 849b0d45..c2369642 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +index 970db38b..280af55c 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +index 6a26a8fb..b13d3aae 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index af6be950..2a0a07a0 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml +index af2322b3..c2fc7e4b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: Configure Auto Configuration on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml +index 32ade229..f0492b1b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + 
title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml +index c2871e00..38b03173 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +index aa60680e..06fa8075 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Ensure IPv6 is disabled through kernel boot parameter' + +@@ -81,9 +81,9 @@ warnings: + <pre>sudo grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li> + <li>On UEFI-based machines, issue the following command: + {{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}} +- <pre>sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li> ++ <pre>sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% else %}} +- <pre>sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li> ++ <pre>sudo 
grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% endif %}} + </ul> + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh +index 5d8daaa6..604dc02c 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Removes ipv6.disable argument from kernel command line in /boot/grub2/grubenv + file="/boot/grub2/grubenv" +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh +index 0e84a458..bf898a7c 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1" +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh +index db339c35..38d2f0d6 100644 +--- 
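Review bot: Both branches of the `{{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}}` conditional in the `warnings:` hunk now print `/boot/efi/EFI/almalinux/grub.cfg`, so the conditional no longer selects anything and the guidance rendered for every other product in `prodtype` names a directory that belongs to AlmaLinux. An administrator following it on one of those systems would likely regenerate a grub.cfg that the firmware never loads, leaving `ipv6.disable=1` unapplied on UEFI machines while the step appears done. Restoring the `/boot/efi/EFI/redhat/grub.cfg` and `/boot/efi/EFI/fedora/grub.cfg` lines and adding a dedicated branch, `{{% elif product == "almalinux8" %}}` followed by `<pre>sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>`, keeps each product's text correct. The `warnings:` block starts before this hunk, so the surrounding list markup is not fully visible here.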
a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Break the ipv6.disable argument in kernel command line in /boot/grub2/grubenv + file="/boot/grub2/grubenv" +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/kernel_module_ipv6_option_disabled/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/kernel_module_ipv6_option_disabled/bash/shared.sh +index a7766ecf..f309a1a9 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/kernel_module_ipv6_option_disabled/bash/shared.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/kernel_module_ipv6_option_disabled/bash/shared.sh +@@ -3,10 +3,8 @@ + # Prevent the IPv6 kernel module (ipv6) from loading the IPv6 networking stack + echo "options ipv6 disable=1" > /etc/modprobe.d/ipv6.conf + +-# Since according to: https://access.redhat.com/solutions/72733 + # "ipv6 disable=1" options doesn't always disable the IPv6 networking stack from +-# loading, instruct also sysctl configuration to disable IPv6 according to: +-# https://access.redhat.com/solutions/8709#rhel6disable ++# loading + + declare -a IPV6_SETTINGS=("net.ipv6.conf.all.disable_ipv6" "net.ipv6.conf.default.disable_ipv6") + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml +index 86299ffb..672d504a 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml 
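Review bot: The comment left above `declare -a IPV6_SETTINGS` in kernel_module_ipv6_option_disabled/bash/shared.sh is now a sentence fragment: with the `Since according to:` line and the `instruct also sysctl configuration` clause removed, it no longer says why the sysctl keys are handled after the modprobe option is written. Suggest rewording it as `# The "ipv6 disable=1" module option does not always keep the IPv6 stack from loading,` followed by `# so IPv6 is also disabled through the sysctl settings below.` The script continues past the end of the hunk, so how IPV6_SETTINGS is applied is not visible here.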
+@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Interface Usage of IPv6' + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh +index 48e71c26..5a54df85 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux + + # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC + # services for NFSv4 from attempting to start IPv6 network listeners +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml +index 489bfe6a..ae8202be 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable Support for RPC IPv6' + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml +index ed9b0970..d924e682 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml ++++ 
b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Disable IPv6 Networking Support Automatic Loading' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +index 53eed93a..d7882075 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index ffbc4522..1b4e7ff4 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +@@ -41,7 +41,7 @@ references: + iso27001-2013: A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.9.1.2 + cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 + cis@sle15: 3.3.2 +- stigid@rhel8: RHEL-08-040280 ++ stigid@almalinux8: RHEL-08-040280 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_redirects", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +index 9aa09b26..25027ce5 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index 4bb38a2e..f953069f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +@@ -41,7 +41,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 + cis@sle15: 3.3.1 +- stigid@rhel8: RHEL-08-040240 ++ stigid@almalinux8: RHEL-08-040240 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_source_route", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +index 0747c89c..b9c43ab2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git 
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +index 876186b1..ab045b1e 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +index c29abffc..cfa071f5 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index 3d1dfb6e..162db994 
100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +@@ -36,7 +36,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + cis@sle15: 3.3.7 + stigid@rhel7: RHEL-07-040611 +- stigid@rhel8: RHEL-08-040285 ++ stigid@almalinux8: RHEL-08-040285 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.rp_filter", value="1") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +index 8a150f8e..a5514212 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index 5d71eb2f..4474385b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +index 31f042ba..797d6520 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +index 4486a92e..4e91a1fb 100644 +--- 
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,sle12 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' + +@@ -41,7 +41,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 + cis@sle15: 3.3.3 +- stigid@rhel8: RHEL-08-040210 ++ stigid@almalinux8: RHEL-08-040210 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_redirects", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +index 8262ae83..4ab5cba1 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = 
multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +index f7ee2e98..e9d832ad 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +index 52d0de9a..834b1b95 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: 
MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +index f28664d9..ad3e3ae1 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +index 06defef8..e2674f36 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +index 86240083..88d3b04a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +index bdcc7bb6..123b4ade 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +index 022a67d1..34637b5a 100644 +--- 
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +index 83baebf3..f19e3aa9 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +index f1c4947d..b105ca20 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +@@ -38,7 +38,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 + cis@sle15: 3.3.5 +- stigid@rhel8: RHEL-08-040230 ++ stigid@almalinux8: RHEL-08-040230 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +index 3ac87232..08fb5408 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git 
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +index 730ba048..77a410a6 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml +index e38ecebc..f898962c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Set Kernel Parameter to Increase Local Port Range' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml +index e68faf00..55a3f222 100644 +--- 
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle15,wrlinux1019 + + title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml +index 7843c189..4eeb57ff 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +index b063545e..0d2f8f4e 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = 
multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +index 7989394c..6c852621 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +index 7e936408..26534803 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml 
b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +index 779b9268..ba1b6f78 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +@@ -39,7 +39,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 + cis@sle15: 3.2.2 +- stigid@rhel8: RHEL-08-040220 ++ stigid@almalinux8: RHEL-08-040220 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.send_redirects", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +index 2b3c36d7..3497675f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# 
platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +index ade1338b..f530a718 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +@@ -39,7 +39,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,2,3,4,6,7,8,9 + cis@sle15: 3.2.2 +- stigid@rhel8: RHEL-08-040270 ++ stigid@almalinux8: RHEL-08-040270 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.send_redirects", value="0") }}} + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +index 6274897a..54a5f33e 100644 +--- 
a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,rhcos4,sle12 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +@@ -36,7 +36,7 @@ references: + iso27001-2013: A.12.1.2,A.12.1.3,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.17.2.1,A.9.1.2 + cis-csc: 1,11,12,13,14,15,16,2,3,7,8,9 + cis@sle15: 3.2.1 +- stigid@rhel8: RHEL-08-040260 ++ stigid@almalinux8: RHEL-08-040260 + + ocil: |- + {{{ ocil_sysctl_option_value(sysctl="net.ipv4.ip_forward", value="0") }}} +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml +index dea03eed..edc8d08b 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +index caff3aaa..e0ee3175 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml ++++ 
b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable ATM Support' + +@@ -24,7 +24,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040021 ++ stigid@almalinux8: RHEL-08-040021 + + {{{ complete_ocil_entry_module_disable(module="atm") }}} + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml +index 9149b18d..dc6a23a3 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +index f25e86ab..a191f73f 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable CAN Support' + +@@ -24,7 +24,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040022 ++ stigid@almalinux8: RHEL-08-040022 + + {{{ 
complete_ocil_entry_module_disable(module="can") }}} + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +index d9db321b..efd3bb3d 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable DCCP Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml +index b245fd66..d477a75f 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +index 3c856475..2e7e80a4 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: 
fedora,rhcos4,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable IEEE 1394 (FireWire) Support' + +@@ -23,7 +23,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040026 ++ stigid@almalinux8: RHEL-08-040026 + + {{{ complete_ocil_entry_module_disable(module="firewire-core") }}} + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml +index 22d44d76..61faee09 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +index 8db0f115..e6d5d70c 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Disable SCTP Support' + +@@ -34,7 +34,7 @@ references: + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 + cis-csc: 11,14,3,9 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040023 ++ stigid@almalinux8: RHEL-08-040023 + + {{{ complete_ocil_entry_module_disable(module="sctp") }}} + +diff --git 
a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml +index 209afc09..c494ef11 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml +index 5953d5ca..2c0a509f 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml +@@ -37,7 +37,7 @@ references: + cis-csc: 11,14,3,9 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040024 ++ stigid@almalinux8: RHEL-08-040024 + + {{{ complete_ocil_entry_module_disable(module="tipc") }}} + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml +index 18187e58..05988c7a 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# 
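Review bot: kernel_module_tipc_disabled/rule.yml is the only rule.yml visible here whose diff has no `prodtype` hunk, only the `stigid` change at `@@ -37,7 +37,7 @@`, while its kubernetes/shared.yml is extended to AlmaLinux. If the file does restrict products with a `prodtype:` line (it lies outside the hunk, so this cannot be confirmed here), `almalinux8` needs to be added there or the rule will be left out of the AlmaLinux content.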
platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +index a6c9b7ed..9e03fd79 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable Bluetooth Kernel Module' + +@@ -35,7 +35,7 @@ references: + iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2 + cis-csc: 11,12,14,15,3,8,9 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040111 ++ stigid@almalinux8: RHEL-08-040111 + + {{{ complete_ocil_entry_module_disable(module="bluetooth") }}} + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml +index a39d662b..0ae62c2d 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4,rhcos4 + + title: 'Disable Bluetooth Service' + +diff --git 
a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml +index 36507a5d..c5651ad4 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8 + + title: 'Disable WiFi or Bluetooth in BIOS' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +index d683b2ed..30f79528 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Deactivate Wireless Network Interfaces' + +@@ -45,7 +45,7 @@ references: + cis-csc: 11,12,14,15,3,8,9 + cis@sle15: 3.1.2 + ism: 1315,1319 +- stigid@rhel8: RHEL-08-040110 ++ stigid@almalinux8: RHEL-08-040110 + + ocil_clause: 'it is not' + +diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +index 8450e29b..ca62146f 100644 +--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml ++++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: 
ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Configure Multiple DNS Servers in /etc/resolv.conf' + +@@ -39,7 +39,7 @@ references: + cobit5: APO13.01,DSS05.02 + iso27001-2013: A.13.1.1,A.13.2.1,A.14.1.3 + cis-csc: 12,15,8 +- stigid@rhel8: RHEL-08-010680 ++ stigid@almalinux8: RHEL-08-010680 + + ocil_clause: 'it does not exist or is not properly configured or less than 2 ''nameserver'' entries exist' + +diff --git a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml +index 3e286d37..d930a0ca 100644 +--- a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Client Dynamic DNS Updates' + +diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh +index 6f2e6fa2..ea9c566f 100644 +--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh ++++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh +@@ -1,2 +1,2 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + echo "NOZEROCONF=yes" >> /etc/sysconfig/network +diff --git a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml +index 4ad51bb5..d7bdf744 100644 +--- a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml ++++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Zeroconf Networking' + +diff --git 
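Review bot: The network_disable_zeroconf/bash/shared.sh remediation that this hunk enables for AlmaLinux 8 appends unconditionally with `echo "NOZEROCONF=yes" >> /etc/sysconfig/network`, so each run adds another copy of the line and an existing `NOZEROCONF=no` entry stays in the file. An idempotent form rewrites an existing setting and appends only when none is present, for example `grep -q '^NOZEROCONF=' /etc/sysconfig/network && sed -i 's/^NOZEROCONF=.*/NOZEROCONF=yes/' /etc/sysconfig/network || echo "NOZEROCONF=yes" >> /etc/sysconfig/network`. The echo line is unchanged context in this commit, but the platform header change widens where it runs.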
a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml +index 3f497dc7..f85aac04 100644 +--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml ++++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh b/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh +index c3b0b981..cd447e5f 100644 +--- a/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh ++++ b/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +index 3ead3ea6..dc9ddf40 100644 +--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml ++++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4 + + title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli' + +diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml 
b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +index 222063ae..30d7aa78 100644 +--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml ++++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure System is Not Acting as a Network Sniffer' + +@@ -42,7 +42,7 @@ references: + cobit5: APO11.06,APO12.06,BAI03.10,BAI09.01,BAI09.02,BAI09.03,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.05,DSS04.05,DSS05.02,DSS05.05,DSS06.06 + iso27001-2013: A.11.1.2,A.11.2.4,A.11.2.5,A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.16.1.6,A.8.1.1,A.8.1.2,A.9.1.2 + cis-csc: 1,11,14,3,9 +- stigid@rhel8: RHEL-08-040330 ++ stigid@almalinux8: RHEL-08-040330 + + ocil_clause: 'any network device is in promiscuous mode' + +diff --git a/linux_os/guide/system/network/network_ssl/group.yml b/linux_os/guide/system/network/network_ssl/group.yml +index b641ec61..bcd4f7c4 100644 +--- a/linux_os/guide/system/network/network_ssl/group.yml ++++ b/linux_os/guide/system/network/network_ssl/group.yml +@@ -13,7 +13,3 @@ description: |- + <b>{{{ weblink(link="http://www.openssl.org/docs/") }}}</b>. Information on FIPS validation + of OpenSSL is available at <b>{{{ weblink(link="http://www.openssl.org/docs/fips.html") }}}</b> + and <b>{{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm") }}}</b>. 
+- {{% if product == "rhel7" %}} +- For information on how to use and implement OpenSSL on Red Hat Enterprise Linux, see +- <b>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_OpenSSL.html") }}}</b> +- {{% endif %}} +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml +index b49e8cd0..bbbdb90b 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019 ++# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/bash/shared.sh +index 0e120f96..7826c449 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/bash/shared.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019 ++# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019 + + find / -not -fstype afs -not -fstype ceph -not -fstype cifs -not -fstype smb3 -not -fstype smbfs -not -fstype sshfs -not 
-fstype ncpfs -not -fstype ncp -not -fstype nfs -not -fstype nfs4 -not -fstype gfs -not -fstype gfs2 -not -fstype glusterfs -not -fstype gpfs -not -fstype pvfs2 -not -fstype ocfs2 -not -fstype lustre -not -fstype davfs -not -fstype fuse.sshfs -type d -perm -0002 -uid +0 -exec chown root {} \; +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +index 02e9ce01..39fce0b2 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure All World-Writable Directories Are Owned by root user' + +@@ -24,7 +24,7 @@ identifiers: + + references: + anssi: BP28(R40) +- stigid@rhel8: RHEL-08-010700 ++ stigid@almalinux8: RHEL-08-010700 + srg: SRG-OS-000480-GPOS-00227 + + ocil_clause: 'there is output' +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +index e49942d1..426dc99c 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + df --local -P | awk '{if (NR!=1) print $6}' \ + | xargs -I '{}' find '{}' -xdev -type d \ + \( -perm -0002 -a ! 
-perm -1000 \) 2>/dev/null \ +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +index 3c9e31b9..a2aa40a0 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml +@@ -48,7 +48,7 @@ references: + cis-csc: 12,13,14,15,16,18,3,5 + cis@sle15: 1.1.22 + stigid@sle12: SLES-12-010460 +- stigid@rhel8: RHEL-08-010190 ++ stigid@almalinux8: RHEL-08-010190 + srg: SRG-OS-000138-GPOS-00069 + + ocil_clause: 'any world-writable directories are missing the sticky bit' +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml +index e5d22bf7..75dc5df8 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure All World-Writable Directories Are Owned by a System Account' + +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml +index 8578172a..3f2dd5b6 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: 
fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Ensure All World-Writable Directories Are Group Owned by a System Account' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +index 6ff491f9..892482a0 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,wrlinux1019,sle15,wrlinux8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019,sle15,wrlinux8 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +index a49890c7..d544cf4e 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019,wrlinux8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15,wrlinux1019,wrlinux8 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +index a9efbdda..10994f97 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +@@ 
-1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure All Files Are Owned by a Group' + +@@ -42,7 +42,7 @@ references: + cis-csc: 1,11,12,13,14,15,16,18,3,5 + cis@sle15: 6.1.12 + stigid@sle12: SLES-12-010700 +- stigid@rhel8: RHEL-08-010790 ++ stigid@almalinux8: RHEL-08-010790 + + ocil_clause: 'there is output' + +diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +index 6acae65b..b6402961 100644 +--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml ++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure All Files Are Owned by a User' + +@@ -42,7 +42,7 @@ references: + cis-csc: 11,12,13,14,15,16,18,3,5,9 + cis@sle15: 6.1.11 + stigid@sle12: SLES-12-010690 +- stigid@rhel8: RHEL-08-010780 ++ stigid@almalinux8: RHEL-08-010780 + + ocil_clause: 'files exist that are not owned by a valid user' + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +index 5b1e48a3..08a0714c 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol 
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +index e2495d24..88c96d74 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + find /bin/ \ + /usr/bin/ \ + /usr/local/bin/ \ +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml +index 36943519..4ade86e3 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-010310 ++ stigid@almalinux8: RHEL-08-010310 + srg: SRG-OS-000259-GPOS-00100 + + ocil_clause: 'any system executables are found to not be owned by root' +diff --git 
a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml +index c13c1a03..e535be72 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh +index d92ff6cb..83ee1ce7 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 + do + if [ -d $LIBDIR ] +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml +index c3999716..7b3d19a1 100644 +--- 
a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml +@@ -37,7 +37,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-010340 ++ stigid@almalinux8: RHEL-08-010340 + srg: SRG-OS-000259-GPOS-00100 + + ocil_clause: 'any of these files are not owned by root' +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +index a7d8bc9c..12e69824 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +index 5d95c987..6ff7b18a 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh ++++ 
b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" + for dirPath in $DIRS; do + find "$dirPath" -perm /022 -exec chmod go-w '{}' \; +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml +index efe4a723..8ec19695 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-010300 ++ stigid@almalinux8: RHEL-08-010300 + srg: SRG-OS-000259-GPOS-00100 + + ocil_clause: 'any system executables are found to be group or world writable' +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml +index a174202b..6d0e04c5 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml ++++ 
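Review bot: In file_permissions_binary_dirs/bash/shared.sh the loop runs `find "$dirPath" -perm /022 -exec chmod go-w '{}' \;` with no `-type` test, while the sibling file_permissions_library_dirs/bash/shared.sh in this patch restricts the same command with `-type f`. Without that test the match also covers directories and symbolic links, and chmod given a symlink acts on the link's target, which may lie outside the listed directories. Consider `find "$dirPath" -perm /022 -type f -exec chmod go-w '{}' \;`, or `! -type l` if directories are meant to stay in scope. These lines are unchanged context whose closing `done` is outside the hunk, but the platform header now applies them to AlmaLinux 8 as well.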
b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/bash/shared.sh +index 4db9903a..065ee49b 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + DIRS="/lib /lib64 /usr/lib /usr/lib64" + for dirPath in $DIRS; do + find "$dirPath" -perm /022 -type f -exec chmod go-w '{}' \; +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml +index e3a067e0..5bc8e025 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml +@@ -37,7 +37,7 @@ references: + cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02 + iso27001-2013: 
A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 +- stigid@rhel8: RHEL-08-010330 ++ stigid@almalinux8: RHEL-08-010330 + srg: SRG-OS-000259-GPOS-00100 + + ocil_clause: 'any of these files are group-writable or world-writable' +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +index 1da03eb4..39378e3a 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml +index 9874bb19..ab9d9022 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml +@@ -22,7 +22,7 @@ references: + cis: 1.6.1 + nist: CM-6(a),AC-6(1) + srg: SRG-OS-000324-GPOS-00125 +- stigid@rhel8: RHEL-08-010374 ++ stigid@almalinux8: RHEL-08-010374 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}} + +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +index 202dcf4e..ce228ef2 100644 +--- 
a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml +index 65528399..f6ae398b 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml +@@ -24,7 +24,7 @@ references: + cis: 1.6.1 + nist: CM-6(a),AC-6(1) + srg: SRG-OS-000324-GPOS-00125 +- stigid@rhel8: RHEL-08-010373 ++ stigid@almalinux8: RHEL-08-010373 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}} + +diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml +index 184a746f..0807776c 100644 +--- a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Assign Password to Prevent Changes to Boot Firmware Configuration' + +diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml +index ce7279a4..df47f202 100644 +--- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml ++++ 
b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8 + + title: 'Disable Booting from USB Devices in Boot Firmware' + +diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml +index de30837a..e8711900 100644 +--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8 + + title: 'Disable Kernel Support for USB via Bootloader Configuration' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml +index a69f66e9..33e8700b 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +index 302154b6..507c217b 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of cramfs' + +@@ -39,7 +39,7 @@ references: + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2 + cis-csc: 11,14,3,9 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040025 ++ stigid@almalinux8: RHEL-08-040025 + + {{{ complete_ocil_entry_module_disable(module="cramfs") }}} + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml +index 9d6e828c..72b9d2f7 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml +index 4da8a206..76777e82 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of freevxfs' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml 
b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+index 3baf256a..2a689ef3 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+index bca3d89c..dec05325 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu1804
+
+ title: 'Disable Mounting of hfs'
+
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+index 03138071..5034b75b 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git
a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+index b6d92359..89fe32ef 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu1804
+
+ title: 'Disable Mounting of hfsplus'
+
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+index b0ecca7b..1fece6ff 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+index 6397b9cc..6c04a159 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu1804
+
+ title: 'Disable Mounting of jffs2'
+
+diff --git
a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+index be99e6bb..f1a61993 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+index 90b041a9..ad74e1bb 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,sle15
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,sle15
+
+ title: 'Disable Mounting of squashfs'
+
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+index 83486ee2..3ffb3c0e 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind:
MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+index 4686c41c..3059f89c 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,sle15,ubuntu1804
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,sle15,ubuntu1804
+
+ title: 'Disable Mounting of udf'
+
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+index 8c8c5b09..92c1ed81 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+index d1d2bf97..c5f4aabc 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
+
+ title: 'Disable
Modprobe Loading of USB Storage Driver'
+
+@@ -41,7 +41,7 @@ references:
+ cis@rhel8: 1.1.23
+ cis@sle15: 1.1.3
+ stigid@sle12: SLES-12-010580
+- stigid@rhel8: RHEL-08-040080
++ stigid@almalinux8: RHEL-08-040080
+
+ {{{ complete_ocil_entry_module_disable(module="usb-storage") }}}
+
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+index 2df05ff8..bea47357 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+index 7383973c..f3c5e50c 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15
+
+ title: 'Disable Mounting of vFAT filesystems'
+
+diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+index 00f06ba3..c81ad1b1 100644
+--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
++++
b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+index 00d1282a..16700b80 100644
+--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019,ubuntu1804
+
+ title: 'Disable the Automounter'
+
+@@ -46,7 +46,7 @@ references:
+ iso27001-2013: A.11.2.6,A.13.1.1,A.13.2.1,A.18.1.4,A.6.2.1,A.6.2.2,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
+ cis-csc: 1,12,15,16,5
+ cis@sle15: 1.1.23
+- stigid@rhel8: RHEL-08-040070
++ stigid@almalinux8: RHEL-08-040070
+
+ ocil: '{{{ ocil_service_disabled(service="autofs") }}}'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+index 5c65ac7e..6af7c3bc 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add noauto Option to /boot'
+
+diff --git
a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+index 52561195..85de1224 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nodev Option to /boot'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+index b5925dd1..6eded472 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add noexec Option to /boot'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+index a4da22f6..43a73812 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nosuid Option to /boot'
+
+@@ -27,7 +27,7 @@ references:
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+ anssi: BP28(R12)
+- stigid@rhel8: RHEL-08-010571
++ stigid@almalinux8: RHEL-08-010571
+
+ platform: machine
+
+diff --git
a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+index 318117fc..4b932d75 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+@@ -36,7 +36,7 @@ references:
+ cis-csc: 11,13,14,3,8,9
+ srg: SRG-OS-000368-GPOS-00154
+ cis@sle15: 1.1.16
+- stigid@rhel8: RHEL-08-040120
++ stigid@almalinux8: RHEL-08-040120
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+index f41387ab..babbeff1 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804
+
+ title: 'Add noexec Option to /dev/shm'
+
+@@ -39,7 +39,7 @@ references:
+ cis-csc: 11,13,14,3,8,9
+ srg: SRG-OS-000368-GPOS-00154
+ cis@sle15: 1.1.17
+- stigid@rhel8: RHEL-08-040122
++ stigid@almalinux8: RHEL-08-040122
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+index d844c9c3..9440c15d 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+@@ -36,7 +36,7 @@ references:
+ cis-csc: 11,13,14,3,8,9
+ srg: SRG-OS-000368-GPOS-00154
+ cis@sle15: 1.1.18
+- stigid@rhel8: RHEL-08-040121
++ stigid@almalinux8: RHEL-08-040121
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+index dd944b4e..6c314a80 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804
+
+ title: 'Add nodev Option to /home'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+index 4e60c7a5..225563c0 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add noexec Option to /home'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+index 37e8f7fb..34a0c882 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4,sle12
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,rhcos4,sle12
+
+ title: 'Add nosuid Option to /home'
+
+@@ -38,7 +38,7 @@ references:
+ anssi: BP28(R12)
+ srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+ stigid@sle12: SLES-12-010790
+- stigid@rhel8: RHEL-08-010570
++ stigid@almalinux8: RHEL-08-010570
+
+
platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+index f7c3502b..689c31b5 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nodev Option to Non-Root Local Partitions'
+
+@@ -42,6 +42,6 @@ references:
+ cis-csc: 11,14,3,9
+ srg: SRG-OS-000368-GPOS-00154
+ anssi: BP28(R12)
+- stigid@rhel8: RHEL-08-010580
++ stigid@almalinux8: RHEL-08-010580
+
+ platform: machine
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+index 5912fb9d..1ba87cbf 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4,sle15,ubuntu1804
+
+ title: 'Add nodev Option to Removable Media Partitions'
+
+@@ -36,7 +36,7 @@ references:
+ iso27001-2013: A.11.2.6,A.11.2.9,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.7.1.1,A.8.2.1,A.8.2.2,A.8.2.3,A.8.3.1,A.8.3.3,A.9.1.2,A.9.2.1
+ cis-csc: 11,12,13,14,16,3,8,9
+ cis@sle15: 1.1.19
+- stigid@rhel8: RHEL-08-010600
++ stigid@almalinux8: RHEL-08-010600
+ srg: SRG-OS-000480-GPOS-00227
+
+ platform: machine
+diff --git
a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+index d329ad29..abe7974f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4,sle15,ubuntu1804
+
+ title: 'Add noexec Option to Removable Media Partitions'
+
+@@ -34,7 +34,7 @@ references:
+ iso27001-2013: A.11.2.6,A.11.2.9,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.7.1.1,A.8.2.1,A.8.2.2,A.8.2.3,A.8.3.1,A.8.3.3,A.9.1.2,A.9.2.1
+ cis-csc: 11,12,13,14,16,3,8,9
+ cis@sle15: 1.1.20
+- stigid@rhel8: RHEL-08-010610
++ stigid@almalinux8: RHEL-08-010610
+ srg: SRG-OS-000480-GPOS-00227
+
+ ocil_clause: 'removable media partitions are present'
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+index 9ed257aa..d999c672 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804
+
+ title: 'Add nosuid Option to Removable Media Partitions'
+
+@@ -41,7 +41,7 @@ references:
+ cis-csc: 11,12,13,14,15,16,18,3,5,8,9
+ cis@sle15: 1.1.21
+ stigid@sle12: SLES-12-010800
+- stigid@rhel8:
RHEL-08-010620
++ stigid@almalinux8: RHEL-08-010620
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+index 949ccbd8..722a242c 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add nosuid Option to /opt'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+index 9e905454..0d695f8d 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add nosuid Option to /srv'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+index 35173f9e..b8259ada 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15,ubuntu1804,rhcos4
+
+ title: 'Add nodev Option to /tmp'
+
+@@ -35,7 +35,7 @@ references:
+ anssi: BP28(R12)
+ srg: SRG-OS-000368-GPOS-00154
+ cis@sle15: 1.1.4
+- stigid@rhel8: RHEL-08-040123
++
stigid@almalinux8: RHEL-08-040123
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+index 4f831bda..95c46960 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15,rhcos4
+
+ title: 'Add noexec Option to /tmp'
+
+@@ -34,7 +34,7 @@ references:
+ cis-csc: 11,13,14,3,8,9
+ anssi: BP28(R12)
+ srg: SRG-OS-000368-GPOS-00154
+- stigid@rhel8: RHEL-08-040125
++ stigid@almalinux8: RHEL-08-040125
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+index 5bcbebdf..9f6855a9 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15,ubuntu1804,rhcos4
+
+ title: 'Add nosuid Option to /tmp'
+
+@@ -35,7 +35,7 @@ references:
+ anssi: BP28(R12)
+ srg: SRG-OS-000368-GPOS-00154
+ cis@sle15: 1.1.5
+- stigid@rhel8: RHEL-08-040124
++ stigid@almalinux8: RHEL-08-040124
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+index 404386d7..623c89e0 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
++++
b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nodev Option to /var/log/audit'
+
+@@ -28,7 +28,7 @@ references:
+ nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+- stigid@rhel8: RHEL-08-040129
++ stigid@almalinux8: RHEL-08-040129
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+index 93c63a75..67ee373f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add noexec Option to /var/log/audit'
+
+@@ -26,7 +26,7 @@ references:
+ nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+- stigid@rhel8: RHEL-08-040131
++ stigid@almalinux8: RHEL-08-040131
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+index 7ee72139..834f117e 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nosuid Option to
/var/log/audit'
+
+@@ -27,7 +27,7 @@ references:
+ nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+- stigid@rhel8: RHEL-08-040130
++ stigid@almalinux8: RHEL-08-040130
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+index 8959bd0b..26ab0da0 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nodev Option to /var/log'
+
+@@ -28,7 +28,7 @@ references:
+ nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+- stigid@rhel8: RHEL-08-040126
++ stigid@almalinux8: RHEL-08-040126
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+index baf1eea4..8d3a73bd 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add noexec Option to /var/log'
+
+@@ -27,7 +27,7 @@ references:
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+ anssi: BP28(R12)
+- stigid@rhel8: RHEL-08-040128
++ stigid@almalinux8: RHEL-08-040128
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+index beee543c..2df4d9ce 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nosuid Option to /var/log'
+
+@@ -28,7 +28,7 @@ references:
+ nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+ srg: SRG-OS-000368-GPOS-00154
+ anssi: BP28(R12)
+- stigid@rhel8: RHEL-08-040127
++ stigid@almalinux8: RHEL-08-040127
+
+ platform: machine
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+index fe4aaae5..5237bbc2 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nodev Option to /var'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+index ef2dc47d..1495ae59 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: 'Add noexec Option to /var'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+index 9aa1cd25..2d4b99e0 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhel7,rhel8,rhcos4
++prodtype: fedora,rhel7,rhel8,almalinux8,rhcos4
+
+ title: 'Add nosuid Option to /var'
+
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+index 1466eff5..b49afe45 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+
+ .
/usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml +index 394a3a74..448aebe0 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Bind Mount /var/tmp To /tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +index 136ba137..df98873f 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804 + + title: 'Add nodev Option to /var/tmp' + +@@ -29,7 +29,7 @@ references: + anssi: BP28(R12) + srg: SRG-OS-000368-GPOS-00154 + cis@sle15: 1.1.9 +- stigid@rhel8: RHEL-08-040132 ++ stigid@almalinux8: RHEL-08-040132 + + platform: machine + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +index 8eb0eafc..b02730f7 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804 + + title: 'Add 
noexec Option to /var/tmp' + +@@ -29,7 +29,7 @@ references: + anssi: BP28(R12) + srg: SRG-OS-000368-GPOS-00154 + cis@sle15: 1.1.11 +- stigid@rhel8: RHEL-08-040134 ++ stigid@almalinux8: RHEL-08-040134 + + platform: machine + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +index 90c57879..6217a0dd 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804 + + title: 'Add nosuid Option to /var/tmp' + +@@ -29,7 +29,7 @@ references: + anssi: BP28(R12) + srg: SRG-OS-000368-GPOS-00154 + cis@sle15: 1.1.10 +- stigid@rhel8: RHEL-08-040133 ++ stigid@almalinux8: RHEL-08-040133 + + platform: machine + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +index 23647c69..49034b0d 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml 
b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml +index 79af2052..74adb940 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml +@@ -30,7 +30,7 @@ references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000480-GPOS-00227 + cis@rhel8: 1.6.1 +- stigid@rhel8: RHEL-08-010675 ++ stigid@almalinux8: RHEL-08-010675 + + ocil_clause: ProcessSizeMax is not set to zero + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +index 23647c69..49034b0d 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml +index 9fdb4d8f..bf2925f4 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml +@@ -26,7 +26,7 @@ references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000480-GPOS-00227 + cis@rhel8: 1.6.1 +- stigid@rhel8: RHEL-08-010674 ++ stigid@almalinux8: RHEL-08-010674 + + ocil_clause: Storage is not set to none + +diff --git 
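Review bot: The `references:` hunks of coredump_disable_backtraces/rule.yml and coredump_disable_storage/rule.yml leave `cis@rhel8: 1.6.1` untouched and rename only the STIG key, so the AlmaLinux 8 content gets a STIG reference for these two rules but no CIS reference. If CIS mapping is wanted for the new product, add a `cis@almalinux8` entry once the section number has been checked against the benchmark that applies. Otherwise a one-line comment such as `# CIS reference intentionally rhel8-only` would make the asymmetry deliberate. Both rule files continue outside these hunks.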
a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh +index 5d6b55f0..97f8f558 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + SECURITY_LIMITS_FILE="/etc/security/limits.conf" + + if grep -qE '\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +index 6f9455b9..62d07a86 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +index 991c92dd..a325550b 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Disable Core Dumps for All Users' + +@@ -30,7 +30,7 @@ references: + iso27001-2013: A.12.1.3,A.17.2.1 + cis-csc: 1,12,13,15,16,2,7,8 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010673 ++ stigid@almalinux8: RHEL-08-010673 + + ocil_clause: 'it is not' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +index 125e764b..9d1c6765 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Disable acquiring, saving, and processing core dumps' + +@@ -25,7 +25,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010672 ++ stigid@almalinux8: RHEL-08-010672 + + ocil_clause: unit systemd-coredump.socket is not masked or running + +diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh +index f689f4b2..34430b60 100644 +--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh ++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_umask_for_daemons") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml +index 9039909d..5159b7aa 100644 +--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Set Daemon Umask' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash/shared.sh +index cf0da83d..cf230476 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash/shared.sh ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/bash/shared.sh +@@ -1,7 +1,7 @@ + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions + +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv + if [ "$(getconf LONG_BIT)" = "32" ] ; then + # + # Set runtime for kernel.exec-shield +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +index c584d7ff..1278522b 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable ExecShield via sysctl' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +index b2136788..76db834f 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml 
b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml +index c9794729..6eae8d6e 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml +@@ -22,7 +22,7 @@ references: + anssi: BP28(R23) + nist: SC-30,SC-30(2),SC-30(5),CM-6(a) + srg: SRG-OS-000132-GPOS-00067 +- stigid@rhel8: RHEL-08-040283 ++ stigid@almalinux8: RHEL-08-040283 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +index 1284acb3..5fb5baa6 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml +index 950ae6b0..a7c9665d 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml ++++ 
b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml +@@ -29,7 +29,7 @@ references: + nist: SC-30,SC-30(2),CM-6(a) + srg: SRG-OS-000433-GPOS-00193,SRG-OS-000480-GPOS-00227 + anssi: BP28(R23) +- stigid@rhel8: RHEL-08-010430 ++ stigid@almalinux8: RHEL-08-010430 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.randomize_va_space", value="2") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +index e3a6c5a6..14c6fd7b 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Enable NX or XD Support in the BIOS' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml +index ff60829e..8a7e31ae 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install PAE Kernel on Supported 32-bit x86 Systems' + +diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +index 48acc4d2..48379fb0 100644 +--- 
a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable page allocator poisoning' + +@@ -27,7 +27,7 @@ identifiers: + references: + srg: SRG-OS-000480-GPOS-00227 + nist: CM-6(a) +- stigid@rhel8: RHEL-08-010421 ++ stigid@almalinux8: RHEL-08-010421 + + ocil_clause: 'page allocator poisoning is not enabled' + +@@ -54,9 +54,9 @@ warnings: + <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li> + <li>On UEFI-based machines, issue the following command as <tt>root</tt>: + {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% else %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% endif %}} + </ul> + +diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +index 516409b6..fd21c1d3 100644 +--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable SLUB/SLAB allocator poisoning' + +@@ -27,7 +27,7 @@ identifiers: + references: + srg: SRG-OS-000433-GPOS-00192 + nist: CM-6(a) +- stigid@rhel8: RHEL-08-010423 ++ stigid@almalinux8: RHEL-08-010423 + + ocil_clause: 'SLUB/SLAB poisoning is not enabled' + 
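Review bot: In the `warnings:` hunk of grub2_page_poison_argument/rule.yml both arms of `{{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}` now print `/boot/efi/EFI/almalinux/grub.cfg`, so the conditional no longer selects anything and the rendered guidance for RHEL, Oracle Linux and Fedora points at a directory that presumably does not exist there. An administrator following it on UEFI would write the regenerated config to a location the bootloader does not load, and the `page_poison` argument would not take effect. `almalinux8` is also missing from the product list, so AlmaLinux only reaches its path through the `else` arm. I would keep the original `redhat` and `fedora` lines and put a dedicated arm in front: `{{% if product == "almalinux8" %}}` with the almalinux path, followed by `{{% elif product in ["rhel7", "rhel8", "ol7", "ol8"] %}}`. The `@@ -54,9 +54,9 @@` hunk of grub2_slub_debug_argument/rule.yml makes the identical change and needs the same fix.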
+@@ -54,9 +54,9 @@ warnings: + <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li> + <li>On UEFI-based machines, issue the following command as <tt>root</tt>: + {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% else %}} +- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg</pre></li> ++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li> + {{% endif %}} + </ul> + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +index dcc07dd7..5f1756b0 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +index 60e50484..8bb15695 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Disable storing core dumps' + +@@ -20,7 +20,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010671 ++ 
stigid@almalinux8: RHEL-08-010671 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.core_pattern", value="|/bin/false") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +index 2a41e267..805c8397 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +index 90fcd34f..30d0db73 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Restrict Access to Kernel Message Buffer' + +@@ -24,7 +24,7 @@ references: + nist: SI-11(a),SI-11(b) + anssi: BP28(R23) + srg: SRG-OS-000132-GPOS-00067 +- stigid@rhel8: RHEL-08-010375 ++ stigid@almalinux8: RHEL-08-010375 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml 
b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +index 0e9d3cc9..369326c0 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +index 83710b7c..be500446 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Kernel Image Loading' + +@@ -19,7 +19,7 @@ identifiers: + + references: + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010372 ++ stigid@almalinux8: RHEL-08-010372 + + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}} +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml +index 438cd275..cb51e625 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable loading and unloading of kernel modules' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml +index eb580cf6..3a127b0c 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Limit CPU consumption of the Perf system' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml +index 3123fe46..eac9f645 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Limit sampling frequency of the Perf system' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +index 842cf6cd..2506a244 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = 
multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +index c9fe044a..8275d0d4 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,almalinux8 + + title: 'Disallow kernel profiling by unprivileged users' + +@@ -20,7 +20,7 @@ references: + anssi: BP28(R23) + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000132-GPOS-00067 +- stigid@rhel8: RHEL-08-010376 ++ stigid@almalinux8: RHEL-08-010376 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml +index a9f426c4..82868ae4 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Configure maximum number of process identifiers' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +index ae2af137..48e8481f 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml ++++ 
b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Disallow magic SysRq key' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +index 5260f3d6..471f7383 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +index 200c2eba..2e0a273c 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes' + +@@ -20,7 +20,7 @@ identifiers: + references: + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000132-GPOS-00067 +- stigid@rhel8: RHEL-08-040281 ++ stigid@almalinux8: RHEL-08-040281 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}} + +diff --git 
a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +index 8f8ee9e6..51b1c825 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +index 68483432..5fde719f 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Restrict usage of ptrace to descendant processes' + +@@ -22,7 +22,7 @@ identifiers: + references: + anssi: BP28(R25) + srg: SRG-OS-000132-GPOS-00067 +- stigid@rhel8: RHEL-08-040282 ++ stigid@almalinux8: RHEL-08-040282 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +index 0658d750..08b4033b 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml ++++ 
b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +index 9094985e..60134a02 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Harden the operation of the BPF just-in-time compiler' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +index 66aae71b..d39a07b9 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +index 5e3929ec..fa72fb18 100644 +--- 
a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Disable the use of user namespaces' + +@@ -29,7 +29,7 @@ references: + ospp: FMT_SMF_EXT.1 + nist: SC-39,CM-6(a) + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-040284 ++ stigid@almalinux8: RHEL-08-040284 + + {{{ complete_ocil_entry_sysctl_option_value(sysctl="user.max_user_namespaces", value="0") }}} + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml +index 026c651b..0fadfb8c 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,almalinux8 + + title: 'Prevent applications from mapping low portion of virtual memory' + +diff --git a/linux_os/guide/system/selinux/group.yml b/linux_os/guide/system/selinux/group.yml +index 6525cb49..9aa698fa 100644 +--- a/linux_os/guide/system/selinux/group.yml ++++ b/linux_os/guide/system/selinux/group.yml +@@ -23,11 +23,5 @@ description: |- + default (targeted) policy on every {{{ full_name }}} system, unless that + system has unusual requirements which make a stronger policy + appropriate. +- {{% if product == "rhel7" %}} +- <br /><br /> +- For more information on SELinux, see <b>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide") }}}</b>. 
+- {{% elif product == "ol7" %}} +- For more information on SELinux, see <b>{{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54669/html/ol7-s1-syssec.html") }}}</b>. +- {{% endif %}} + + platform: machine +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml +index e9ff094d..f0a8bcdb 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh +index 735354a2..0c13b196 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + + sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* + sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +index a5bab5f5..3dc0043d 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml 
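Review bot: The widened `# platform` line in grub2_enable_selinux/bash/shared.sh extends this remediation to AlmaLinux, but the two `sed` commands in the hunk only rewrite /etc/default/grub, /etc/grub2.cfg and /etc/grub.d/*. On EL8 systems with BLS-style boot entries the effective kernel command line typically lives in the grub environment block or the per-entry files, so `selinux=0` or `enforcing=0` could survive this remediation. If the script continues outside the hunk and does not already handle that, consider also updating the boot entries, e.g. `grubby --update-kernel=ALL --remove-args="selinux=0 enforcing=0"`. The patterns are also unanchored, so `s/selinux=0//gI` strips that substring wherever it occurs in those files, including comments and longer tokens.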
+@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Ensure SELinux Not Disabled in /etc/default/grub' + +diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +index 1785951f..82bc4bd5 100644 +--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4,sle15 + + title: 'Install libselinux Package' + +diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml +index 6cbcc4f5..8b9142a9 100644 +--- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle15 ++prodtype: fedora,rhel7,rhel8,almalinux8,sle15 + + title: 'Uninstall mcstrans Package' + +diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +index 6c23fae1..4f9d6675 100644 +--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'Install policycoreutils-python-utils package' + +diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml 
b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +index a107af62..2c954abb 100644 +--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install policycoreutils Package' + +@@ -30,7 +30,7 @@ identifiers: + + references: + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010171 ++ stigid@almalinux8: RHEL-08-010171 + + ocil_clause: 'the package is not installed' + +diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml +index fb25ba1b..d6603bd5 100644 +--- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle15 ++prodtype: fedora,rhel7,rhel8,almalinux8,sle15 + + title: 'Uninstall setroubleshoot Package' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml +index 8cf0b59e..d09e423c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the abrt_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml +index 96a33aa5..0446f71e 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the abrt_handle_event SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml +index 8bb491c3..6bea1884 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml +index 121a20bc..ae1be405 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the antivirus_can_scan_system SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml +index e6e4db3e..4f326276 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: 
true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the antivirus_use_jit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml +index 7f62cbc4..810fc617 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the auditadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml +index 94da96b5..0718ce48 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml +index 0c7cd89c..5850b310 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the authlogin_radius SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml +index d5c3b2d2..1f598eca 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the authlogin_yubikey SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml +index 8d3ba46e..e7ea3afc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the awstats_purge_apache_log_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml +index ada23a12..2ba407bd 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the boinc_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml +index c91ea638..f68f50eb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cdrecord_read_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml +index 379ff1f0..9e3b3280 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cluster_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml +index 59d8031e..436cf42f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cluster_manage_all_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml +index 7821e870..2bbd8939 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the 
cluster_use_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml +index 20410a12..08f2f797 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cobbler_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml +index 51019f37..b4c27f73 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cobbler_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml +index b13d5ad0..8b879660 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cobbler_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml +index d966a917..650521da 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cobbler_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml +index a37cdae2..b957c1c5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the collectd_tcp_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml +index 013787bf..274aa31e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the condor_tcp_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml +index d11043ad..a239e797 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + 
+-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the conman_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml +index 4a796474..2caf423a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the container_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml +index df124598..0b8b71cf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the cron_can_relabel SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml +index 1ad93e32..259cf39f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml +index d975541c..e67b9b41 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the cron_userdomain_transition SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml +index ee135d2d..a574619d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cups_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml +index 0c30cca7..d4223dbb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the cvs_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml +index dbe50667..db51bbf6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the daemons_dump_core SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml +index a20039aa..ef51eeda 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the daemons_enable_cluster_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml +index 67946241..c855009a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml +index 5837c3ba..84df3409 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the daemons_use_tty SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml +index 858c0d10..3865daf1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the dbadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml +index 931e3049..87b694ed 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the dbadm_manage_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml +index d3d5a7fc..35754ddc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the dbadm_read_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml +index ed96d01f..09d2a14d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml 
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the deny_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml +index d3fa16f5..4d183301 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the deny_ptrace SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml +index 8ba08904..0adfc31f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the dhcpc_exec_iptables SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml +index b5d3065a..3195a273 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the dhcpd_use_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml +index 274049ae..426b62f3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the domain_fd_use SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml +index 0ebcd138..73dc57c8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the domain_kernel_load_modules SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml +index 4670b928..3d8ad66e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the entropyd_use_audio SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml +index d51de115..14f495db 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the exim_can_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml +index ba27309e..d23743af 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the exim_manage_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml +index 07d19af7..401db147 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the exim_read_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml +index d4cd0f86..0d671ca8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the fcron_crond SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml +index f470600f..312fa446 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the fenced_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml +index d37d6273..3ef60e19 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the fenced_can_ssh SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml +index cc3abdfb..85454074 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the fips_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml +index 543d3fd6..7fdb52f8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml +index ddf070c2..5cc7c69b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml +index 580302e7..82f89609 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml +index e92d9e3d..25e22fb6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_full_access SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml +index 57a2076a..da541b58 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml +index 83847018..49dd22f3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml +index 677a6c3d..ff452098 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml +index 2fe3581a..a8371d59 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the ftpd_use_passive_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml +index 94fc0b51..ad4ebe2d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_cgi_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml +index dd96e9a6..9ddd75dc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_cgi_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml +index 305ec104..8205c20a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_cgi_use_nfs SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml +index 7ac68e42..8bb0c982 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml +index 4d941556..4ab54269 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_session_users SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml +index 4a576e06..44045585 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_system_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml +index 
ea60ce0c..056e0d3c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_system_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml +index 7c3b62a7..fd5df642 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the git_system_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml +index 6d187556..4aeb35f2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the gitosis_can_sendmail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml +index 0a6caa2f..48649e1d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 
++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the glance_api_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml +index da6ee7f3..62c352e6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the glance_use_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml +index 18643fdb..51d267f5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the glance_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml +index 6169ee96..d745d45a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the global_ssp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml +index 43e73897..2fd9893d 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the gluster_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml +index 30fde508..b025346c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the gluster_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml +index 297f92f6..2fb4d168 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure the gluster_export_all_rw SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml +index 462281bb..9706856b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: 
rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the gpg_web_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml +index f29ec4bf..f6607de4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the gssd_read_tmp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml +index e5d7e815..e03244c2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the guest_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml +index 8907de59..c6201008 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the haproxy_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml +index c5c4f1c3..3a84387a 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml +index e0cb965a..5194c0c5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure the httpd_builtin_scripting SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml +index 2481c2b3..d91e9810 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_check_spam SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml +index 82594b31..b4ac2f76 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: 
rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_connect_ftp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml +index 85df4121..a92c59ea 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_connect_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml +index 5e34e3db..85aeb364 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_connect_mythtv SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml +index e3d6dff2..dbfd9567 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_connect_zabbix SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml +index 3a07d281..4365f676 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml +index 4dd16248..d49b6a5b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml +index 65d7fe4a..eadf3608 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_network_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml +index 91dac404..554fd538 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_network_memcache SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml +index 684bc84e..757150b0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_network_relay SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml +index b6087598..522d2311 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_can_sendmail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml +index 932d032f..66fd34b3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: 
rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_dbus_avahi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml +index fb8ba251..f7000038 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_dbus_sssd SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml +index aaef3149..8d18efd0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml +index 3a7f808d..0f48bd53 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure the httpd_enable_cgi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml +index 
4d5a4f65..72e6a6ce 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_enable_ftp_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml +index 5a499936..fd0163d2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml +index 80cbfba0..77e87739 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml +index 4e189e29..cce4ab17 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 
++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the httpd_graceful_shutdown SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml +index 5ba2f80b..22b7f2d7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_manage_ipa SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml +index 4d295d3e..63c04aed 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml +index 0305e797..4d892a02 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the httpd_mod_auth_pam SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+index 13a5b5c5..7101ec1f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_read_user_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+index 1af4ae47..0d51cb13 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_run_ipa SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+index 4dd02763..9fdebb4a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_run_preupgrade SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+index db408caa..eb9a8846 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+@@
-1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_run_stickshift SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+index c54f61df..402455f8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_serve_cobbler_files SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+index 148a248b..7ce925d0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_setrlimit SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+index c6f2551e..1e004457 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_ssi_exec SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+index d8c0f8e4..555d597e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_sys_script_anon_write SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+index 4463d5d2..66625f57 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_tmp_exec SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+index f8d32c4e..1d789ea2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_tty_comm SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+index 827d0cfd..0ac8d7b6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete:
true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_unified SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+index 02930c0f..5903b7e5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_cifs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+index 5eea9592..f300e9f5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_fusefs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+index 081e5f6a..f6f414a9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_gpg SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+index df5fcc66..b60a79ac 100644
+---
a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+index 58bd098d..0d10324e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_openstack SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+index e0dae7c0..d60958d5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_use_sasl SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+index bd47bbc5..e534e9e7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the httpd_verify_dns SELinux Boolean'
+
+diff
--git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+index 86f35028..4df61637 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+index e2b1dca4..e0e3f0b5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the irc_use_any_tcp_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+index 23a1b61f..6f93b6e1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the irssi_use_full_network SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+index 20fba259..ff3224fc 100644
+---
a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the kdumpgui_run_bootloader SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+index ee6964c2..eb6c4b7a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the kerberos_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+index 71677750..07d0e737 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the ksmtuned_use_cifs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+index a02e146b..78f5bb6e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the
ksmtuned_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+index 837b10c1..3c008341 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the logadm_exec_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+index 3a0d0533..8464de32 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+index 5cbbcc68..3a3bb77e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+index 6e62e207..fdd3bafd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the logging_syslogd_use_tty SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+index 29bd516f..52fc04a2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the login_console_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+index 6480418a..e5805d79 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the logrotate_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+index 01ff4c6c..79f04a49 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
++++
b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+index db118dc9..c9e334e5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the lsmd_plugin_connect_any SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+index 7208dbf9..0aec070f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mailman_use_fusefs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+index 2f859e14..34ccb4b5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mcelog_client SELinux Boolean'
+
+diff --git
a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+index 5ab580ea..5482ddc1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the mcelog_exec_scripts SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+index d0020a5f..aa96059d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mcelog_foreground SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+index 785a3b4a..bad09574 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mcelog_server SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+index 815ceb66..5aa36c09 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the minidlna_read_generic_user_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+index 41956c85..1117dd03 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the mmap_low_allowed SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+index 05719a62..f905fb1e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the mock_enable_homedirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+index 5f8a6803..57104586 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the mount_anyfile SELinux Boolean'
+
+diff --git
a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+index 47917c12..1739322d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+index 41247b12..8996027a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+index 0aa299ae..df1a5f62 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+index 10313318..b1895d06 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_plugin_use_gps SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+index 36ec0868..b736d320 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_plugin_use_spice SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+index b31818aa..beed2d5f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mozilla_read_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+index 764e4dc4..40548094 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
++++
b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mpd_enable_homedirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+index a979b22c..e0501614 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mpd_use_cifs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+index bcba81eb..f746343e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mpd_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+index 415da57a..5deb07f0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mplayer_execstack SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+index 655cd238..42eb6478 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the mysql_connect_any SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+index 829676a0..837a30be 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the nagios_run_pnp4nagios SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+index 5daed0ec..63442660 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the nagios_run_sudo SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+index 7f665742..a2c31743 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
++++
b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the named_tcp_bind_http_port SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+index 90f66209..c4bb709b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the named_write_master_zones SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+index cdde885b..4e8c4345 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the neutron_can_network SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+index af9ffb1b..010d3a0a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the nfs_export_all_ro SELinux Boolean'
+
+diff --git
a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+index 55e97e8a..a9ce86bf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the nfs_export_all_rw SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+index b1c6fdac..c0353213 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the nfsd_anon_write SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+index 598e6e78..0c01a81b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the nis_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+index 7bbb60fd..0d2a91f8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+@@ -1,6 +1,6
@@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the nscd_use_shm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml +index 0122a312..0eb95fb6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the openshift_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml +index 40f28c7f..e40cdb3d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the openvpn_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml +index 5d68295c..cf4e7436 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the openvpn_enable_homedirs SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml +index f2d44d69..1006c5fa 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the openvpn_run_unconfined SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml +index e6c5857e..9de4c798 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml +index 4e9862b9..4dbeb98b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the pcp_read_generic_logs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml +index 0b116122..df07be71 
100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml +index 534e069e..40d2dddc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the polipo_connect_all_unreserved SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml +index 3d7823ff..1f84bcb0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml +index fe362726..87beeb2a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the polipo_session_users SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml +index fdad8130..32d0873c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the polipo_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml +index 367db106..f59de7cd 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the polipo_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml +index b54d82a3..7f154a1a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the polyinstantiation_enabled SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml +index 7d174222..0c078249 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the postfix_local_write_mail_spool SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml +index 9d3f42dd..4d2d0deb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the postgresql_can_rsync SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml +index 345571d7..9bb6208b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml +index c9d065f7..9833201a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml +index 3a053f3a..b8ad0648 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml +index 8483121b..ce86c8fc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the pppd_can_insmod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml +index 96416d72..1751757b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the pppd_for_user SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml +index d5bb6b14..2de1b8b2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the privoxy_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml +index 8451fe73..563fe230 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the prosody_bind_http_port SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml +index a610ff18..879e441c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the puppetagent_manage_all_files SELinux 
Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml +index 30db1743..72cfd812 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the puppetmaster_use_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml +index def236ff..1c0fa193 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the racoon_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml +index 59375fff..1aad03e7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the rsync_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml +index 54c06cce..3c6e47ae 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml ++++ 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the rsync_client SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml +index 3c706484..f3fca2a8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the rsync_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml +index fa843c92..34df7ad2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the rsync_full_access SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml +index d67c3a0f..d9bacf7c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_create_home_dirs SELinux Boolean' + +diff --git 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml +index 0d4d6e76..21846ac8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_domain_controller SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml +index 88d8b687..e42e772c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_enable_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml +index a7ec2a3d..9364f57c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml +index d5c1b805..a80a88e5 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_export_all_rw SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml +index e06e0fc7..08161747 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_load_libgfapi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml +index 48a07f1b..44ac4d1b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_portmapper SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml +index e0c780f5..defe3bc7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the 
samba_run_unconfined SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml +index 52d25ff6..d75c0d2a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_share_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml +index 819ae315..be8a2763 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the samba_share_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml +index effcaf70..831b0cf9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the sanlock_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml +index 0294e81a..f576ec8b 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the sanlock_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml +index 35100871..19c4918b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the sanlock_use_samba SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml +index 847144a3..e7c7ec7a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the saslauthd_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml +index 2773cae1..ac55ba22 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 
'Enable the secadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml +index 86565582..b96cd4d0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the secure_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml +index 116da236..4ef94a3d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the secure_mode_insmod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml +index 95602971..2b583104 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the secure_mode_policyload SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml +index 7211eac3..bbd6dee1 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+index d9a093f8..771c3d9b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_execheap SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+index 8178f28e..90b0fde3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the selinuxuser_execmod SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+index 0a545953..81fcd388 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+
+ title: 'disable the selinuxuser_execstack SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+index e1d16d16..947aa3f8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+index d07ffa2e..2cf64dab 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the selinuxuser_ping SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+index 62db4de0..ffc880bc 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+index 193a6c0b..aa1eb675 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+index a15bf88b..76ce2052 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_share_music SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+index 29955b7d..7eb36328 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_tcp_server SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+index b0992267..10063b58 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_udp_server SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+index 0dc63fdb..fd60d995 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+index 639fcda9..1d2f2c2d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the sge_domain_can_network_connect SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+index 99f9959c..127af40f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the sge_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+index 5fbe9a9f..8657be40 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the smartmon_3ware SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+index cd8cb0d0..1f5b05e4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the smbd_anon_write SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+index 59c269ba..7cacd996 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the spamassassin_can_network SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+index 40ae769a..1481b1f1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the spamd_enable_home_dirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+index 13d9c595..12a44967 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the squid_connect_any SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+index 3c4161d3..67084531 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the squid_use_tproxy SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+index bf36b6c9..637ef690 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+index 69c20fc1..0d95d1bb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the ssh_keysign SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+index 4d264e54..1b7b29d8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the ssh_sysadm_login SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+index 0cd2cbbc..e58e1c07 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the staff_exec_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+index 3a276af9..cc6b9390 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the staff_use_svirt SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+index fa9e3d25..9311180f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the swift_can_network SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+index d0d798d3..5931458d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the sysadm_exec_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+index 2a04d714..67dbd4c6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the telepathy_connect_all_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+index e203eda5..90c9b5a5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+index 4485d50e..83082338 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tftp_anon_write SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+index 4d9cce1f..d79506fc 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tftp_home_dir SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+index 0ca41b31..939dd046 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tmpreaper_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+index f07f7b59..fe4b2724 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tmpreaper_use_samba SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+index 5ae33cfc..82c99bc9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+index 4ea25f13..32e1ef84 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the tor_can_network_relay SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+index c51f2c27..18b2c7a1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+index 73ce5a0a..98180272 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the unconfined_login SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+index 2e7fce62..98efaf95 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+index b7774771..9d4a8ffc 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the unprivuser_use_svirt SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+index 91e29049..5ffe7588 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+index af7e2d5c..7f53428f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the use_fusefs_home_dirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+index fc5521f5..fee20da4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the use_lpd_server SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+index e27a0975..c7f9682e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the use_nfs_home_dirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+index 91d29d88..dd83aec0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the use_samba_home_dirs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+index c205cefc..76c25672 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Enable the user_exec_content SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+index 309e8aba..2c0acbdd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the varnishd_connect_any SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+index 8469ba11..4cac8b62 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_read_qemu_ga_data SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+index 14447887..a8ed5076 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+index 4e4fce65..a7de8365 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+index 0df3ed21..1ad501c6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Enable the virt_sandbox_use_audit SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+index 2f32f8b2..6bd93881 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_sandbox_use_mknod SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+index 8be2b322..d81a086a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_sandbox_use_netlink SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+index eb77bc76..42fcdfe3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+index dff84eb7..8cc2b16b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_transition_userdomain SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+index aa39cff5..c79b847f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_comm SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+index 9fe91b1e..fc788b11 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_execmem SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+index 31f18e0a..160351bd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_fusefs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+index 1e62cde0..50116c18 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_nfs SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+index 616f5969..c542fcc1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_rawip SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+index 4bd85cd0..527d0c4c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_samba SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+index ec76880c..064fa32e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_sanlock SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+index 51ae4c24..f29c1ecf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_usb SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+index 1d2a0924..5a676c2a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the virt_use_xserver SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+index 5389b1c1..65d05817 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the webadm_manage_user_files SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+index b5a06819..f17a0881 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the webadm_read_user_files SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+index 50da2c6d..bd6bfbdb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+
+ title: 'Disable the wine_mmap_zero_ignore SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+index 2fae8e58..f11b8087 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+index 981bb5c2..ef6394ef 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhv4
+
+ title: 'Disable the xdm_exec_bootloader SELinux Boolean'
+
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+index 81a94e25..520b405d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype:
rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xdm_sysadm_login SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml +index e9a9a582..9b3cc2f7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xdm_write_home SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml +index 9ce6183c..1def75b9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the xen_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml +index 75dabac7..5206d486 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the xend_run_blktap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml +index da3c989c..bb232fb7 100644 +--- 
a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the xend_run_qemu SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml +index cba7103a..f95d1f2a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xguest_connect_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml +index b816ab2b..3462d997 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xguest_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml +index cc72497b..7e5311d8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: 
rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xguest_mount_media SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml +index fc8139a7..9604f3d4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xguest_use_bluetooth SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml +index 9bb8a664..20c91dd2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xserver_clients_write_xshm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml +index 9ff72d3b..495c30bb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xserver_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml 
b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml +index bde9e8cc..3ae9f466 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable the xserver_object_manager SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml +index 9d838bbc..75890c2f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the zabbix_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml +index 8a28b2aa..63d80946 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the zarafa_setrlimit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml +index 6d5c2674..088fb3eb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml 
+@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the zebra_write_config SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml +index 04086918..8e6399a9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the zoneminder_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml +index 3d0dd1b6..13add29b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable the zoneminder_run_sudo SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +index b2b94368..fbd86b87 100644 +--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure No Device Files are Unlabeled by SELinux' + +diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml 
b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +index d48b713a..a518bb93 100644 +--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Ensure No Daemons are Unconfined by SELinux' + +diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +index 73e6ec7c..def4c28a 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +index d84c8acc..c4fec2c4 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh ++++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +index f7d6ce6b..be55a4d5 100644 +--- 
a/linux_os/guide/system/selinux/selinux_policytype/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Configure SELinux Policy' + +@@ -49,7 +49,7 @@ references: + cobit5: APO01.06,APO11.04,APO13.01,BAI03.05,DSS01.05,DSS03.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.02,DSS06.03,DSS06.06,MEA02.01 + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9 +- stigid@rhel8: RHEL-08-010450 ++ stigid@almalinux8: RHEL-08-010450 + + ocil_clause: 'it does not' + +diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +index 1c1560a8..fc86b614 100644 +--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +index ad53e52a..8dcfb1ac 100644 +--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh ++++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = 
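Review bot: The `stigid@rhel8: RHEL-08-010450` key in selinux_policytype/rule.yml is renamed to `stigid@almalinux8` rather than kept alongside a new key, although the `prodtype` line in the same file adds `almalinux8` next to `rhel8` instead of replacing it. A rhel8 build from this tree would presumably lose its STIG mapping for the rule, and the value remains a RHEL 8 STIG identifier, so AlmaLinux scan reports will cite a control ID from another vendor's STIG. Keeping both keys, `stigid@rhel8: RHEL-08-010450` and `stigid@almalinux8: RHEL-08-010450`, preserves the upstream reference; the `references:` mapping itself starts outside the hunk. The same rename appears in the selinux_state, encrypt_partitions and partition_for_home, partition_for_tmp, partition_for_var, partition_for_var_log and partition_for_var_log_audit rule.yml hunks.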
multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml +index 0c4056df..08a026a9 100644 +--- a/linux_os/guide/system/selinux/selinux_state/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_state/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure SELinux State is Enforcing' + +@@ -40,7 +40,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.2,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.1,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 1,11,12,13,14,15,16,18,3,4,5,6,8,9 + anssi: BP28(R4),BP28(R66) +- stigid@rhel8: RHEL-08-010170 ++ stigid@almalinux8: RHEL-08-010170 + + ocil_clause: 'SELINUX is not set to enforcing' + +diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml +index 1a02b545..5b1f7b1e 100644 +--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Map System Users To The Appropriate SELinux Role' + +diff --git 
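Review bot: The rewritten platform header in selinux_state/bash/shared.sh carries over the misspelled `multi_platorm_ol` from the old line, so Oracle Linux is presumably never matched for this SELinux-enforcing remediation. Since the line is being touched anyway, spell it correctly: `# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv`. The same header says `# reboot = true` while the Ansible remediation for this rule says `# reboot = false`; a one-line comment stating which is intended would help whoever applies the fix on a live system.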
a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +index 8d5b722c..65d9b4c4 100644 +--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,rhcos4,sle12 + + title: 'Encrypt Partitions' + +@@ -29,15 +29,6 @@ description: |- + with a minimum <tt>512</tt> bit key size which should be compatible with FIPS enabled. + {{% endif %}} + <br /><br /> +- Detailed information on encrypting partitions using LUKS or LUKS ciphers can be found on +- the {{{ full_name }}} Documentation web site:<br /> +- {{% if product in ["ol7", "ol8"] %}} +- {{{ weblink(link="https://docs.oracle.com/cd/E52668_01/E54670/html/ol7-encrypt-sec.html") }}}. +- {{% elif product == "sle12" %}} +- {{{ weblink(link="https://www.suse.com/documentation/sled-12/book_security/data/sec_security_cryptofs_y2.html") }}} +- {{% else %}} +- {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Encryption.html") }}}. 
+- {{% endif %}} + + rationale: |- + The risk of a system's physical compromise, particularly mobile systems such as +@@ -64,7 +55,7 @@ references: + cobit5: APO01.06,BAI02.01,BAI06.01,DSS04.07,DSS05.03,DSS05.04,DSS05.07,DSS06.02,DSS06.06 + cis-csc: 13,14 + stigid@sle12: SLES-12-010450 +- stigid@rhel8: RHEL-08-010030 ++ stigid@almalinux8: RHEL-08-010030 + + ocil_clause: 'partitions do not have a type of crypto_LUKS' + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml +index ab0fcaab..d4b587a3 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure /boot Located On Separate Partition' + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml +index 061eeae9..6b22489c 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml +@@ -37,7 +37,7 @@ references: + iso27001-2013: A.13.1.1,A.13.2.1,A.14.1.3 + cis-csc: 12,15,8 + cis@sle15: 1.1.14 +- stigid@rhel8: RHEL-08-010800 ++ stigid@almalinux8: RHEL-08-010800 + + {{{ complete_ocil_entry_separate_partition(part="/home") }}} + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml +index 2c0e346b..f6f7f74c 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure /opt Located On Separate Partition' + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml +index a4db4948..0a24d72d 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml +@@ -34,7 +34,7 @@ references: + iso27001-2013: A.13.1.1,A.13.2.1,A.14.1.3 + cis-csc: 12,15,8 + cis@sle15: 1.1.2 +- stigid@rhel8: RHEL-08-010543 ++ stigid@almalinux8: RHEL-08-010543 + + {{{ complete_ocil_entry_separate_partition(part="/tmp") }}} + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml +index 0956cb88..26784d02 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure /usr Located On Separate Partition' + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml +index 8190a4a4..20ab2733 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml +@@ -37,7 +37,7 @@ references: + iso27001-2013: A.13.1.1,A.13.2.1,A.14.1.3 + cis-csc: 12,15,8 + cis@sle15: 1.1.7 +- stigid@rhel8: RHEL-08-010540 ++ stigid@almalinux8: RHEL-08-010540 + + {{{ complete_ocil_entry_separate_partition(part="/var") }}} + +diff --git 
a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml +index 77ea8196..0f9b0040 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml +@@ -33,7 +33,7 @@ references: + cis-csc: 1,12,14,15,16,3,5,6,8 + srg: SRG-OS-000480-GPOS-00227 + cis@sle: 1.1.12 +- stigid@rhel8: RHEL-08-010541 ++ stigid@almalinux8: RHEL-08-010541 + + {{{ complete_ocil_entry_separate_partition(part="/var/log") }}} + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml +index 3ff8be67..8a200100 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml +@@ -40,7 +40,7 @@ references: + cobit5: APO11.04,APO13.01,BAI03.05,BAI04.04,DSS05.02,DSS05.04,DSS05.07,MEA02.01 + cis-csc: 1,12,13,14,15,16,2,3,5,6,8 + cis@sle15: 1.1.13 +- stigid@rhel8: RHEL-08-010542 ++ stigid@almalinux8: RHEL-08-010542 + + {{{ complete_ocil_entry_separate_partition(part="/var/log/audit") }}} + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +index 340af24c..85b93c3a 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhcos4,sle15,ubuntu1804 + + title: 'Ensure /var/tmp Located On Separate Partition' + +diff --git 
a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh +index db06c9f5..78fa2bbd 100644 +--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + dconf update +diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +index 3d37eee6..109b008b 100644 +--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles' + +diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +index d954668e..7fd1ade2 100644 +--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml ++++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle15 + + title: 'Configure GNOME3 DConf User Profile' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml +index a6066d34..04776bd2 100644 +--- 
a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/bash/shared.sh
+index d09f54ac..5b1d6a38 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+
+
+ {{{ bash_dconf_settings("org/gnome/login-screen", "disable-restart-buttons", "true", "gdm.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+index 58274f44..3b48899f 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Disable the GNOME3 Login Restart and Shutdown Buttons'
+
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+index c4b757a4..66049602 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/bash/shared.sh
+index 5b66d3f6..7795addd 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+
+
+ {{{ bash_dconf_settings("org/gnome/login-screen", "disable-user-list", "true", "gdm.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+index 0dd463bb..e6a5dfe6 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Disable the GNOME3 Login User List'
+
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+index a1cb94c4..118e0c63 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/bash/shared.sh
+index 2310ca7c..ee07e1a9 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+
+
+ {{{ bash_dconf_settings("org/gnome/login-screen", "enable-smartcard-authentication", "true", "gdm.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+index c0ac9db8..b6dada19 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Enable the GNOME3 Login Smartcard Authentication'
+
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+index a41844f1..d169befb 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/bash/shared.sh
+index 36df8ad6..af4316f9 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+
+
+ {{{ bash_dconf_settings("org/gnome/login-screen", "allowed-failures" "3" "gdm.d", "00-security-settings") }}}
+diff --git
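Review bot: In the dconf_gnome_login_retries/bash/shared.sh hunk, the unchanged macro call `bash_dconf_settings("org/gnome/login-screen", "allowed-failures" "3" "gdm.d", "00-security-settings")` has no commas after `"allowed-failures"` and `"3"`, while every other `bash_dconf_settings` call visible in this patch passes five comma-separated arguments. If the template engine joins adjacent string literals (Jinja2 does), the macro receives three arguments and the generated remediation may not write the intended `allowed-failures` value into the GDM dconf database. The new platform line extends this remediation to AlmaLinux 8, so the call should read `bash_dconf_settings("org/gnome/login-screen", "allowed-failures", "3", "gdm.d", "00-security-settings")`, and the rendered script is worth checking before the content ships.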
a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+index c85f0706..620f8307 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+
+ title: 'Set the GNOME3 Login Number of Failures'
+
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+index 189dace9..312c3526 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
+index 63faca98..b6bf6e6e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+
+ if rpm --quiet -q gdm
+ then
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+index 0594702a..1f428176 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12
+
+ title: 'Disable GDM Automatic Login'
+
+@@ -39,7 +39,7 @@ references:
+ cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05
+ iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
+ cis-csc: 11,3,9
+- stigid@rhel8: RHEL-08-010820
++ stigid@almalinux8: RHEL-08-010820
+
+ ocil_clause: 'GDM allows users to automatically login'
+
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+index ef2933c5..0d72f6f6 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
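Review bot: The `references` hunk of gnome_gdm_disable_automatic_login/rule.yml renames the key `stigid@rhel8` to `stigid@almalinux8` instead of adding a second key, so RHEL 8 content built from this tree would lose its mapping to RHEL-08-010820; the `references` hunk of dconf_gnome_screensaver_idle_delay/rule.yml does the same for RHEL-08-020060. Keeping the original line and adding `stigid@almalinux8: RHEL-08-010820` beside it preserves the rhel8 reference. The value is still a RHEL STIG identifier, so a short comment such as `# AlmaLinux 8 reuses the RHEL 8 STIG ID` above the new key would tell auditors where the number comes from.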
b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh +index 569fccfa..b89d4cc5 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + if rpm --quiet -q gdm + then +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml +index 4d2915f4..cdb60270 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable GDM Guest Login' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml +index 0ca67c74..332a5018 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = unknown + # 
complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/group.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/group.yml +index 8e8b32f1..55d983ac 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/group.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/group.yml +@@ -8,11 +8,6 @@ description: |- + login automatically and/or with a guest account. The login screen should be configured + to prevent such behavior. + <br /><br /> +- {{% if product in ["ol7", "ol8"] %}} + For more information about enforcing preferences in the GNOME3 environment using the DConf + configuration system, see <b>{{{ weblink(link="http://wiki.gnome.org/dconf") }}}</b> and + the man page <tt>dconf(1)</tt>. +- {{% else %}} +- For more information about enforcing preferences in the GNOME3 environment using the DConf +- configuration system, see <b>{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/index.html") }}}/></b> and the man page <tt>dconf(1)</tt>. 
+- {{% endif %}} +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml +index 5a3c30d4..a63bdbc1 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh +index 5a521536..a7b333f6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount", "false", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +index eb56d946..5fef4aaf 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable GNOME3 Automounting' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml +index e0c9aedc..6c3fab55 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh +index 7a149750..136dbe20 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + + {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount-open", "false", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +index f14363a3..45e79fbe 100644 +--- 
a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable GNOME3 Automount Opening' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml +index 7f01df14..da34df52 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh +index 4c3bcb95..6b82ace0 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + + {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "autorun-never", "true", "local.d", "00-security-settings") }}} +diff --git 
a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +index 41c28174..fab46df6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable GNOME3 Automount running' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml +index a4da19fe..67ef50e2 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh +index 66768c6d..39bfef95 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + 
{{{ bash_dconf_settings("org/gnome/desktop/thumbnailers", "disable-all", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml +index 3348fbeb..08dd9951 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable All GNOME3 Thumbnailers' + +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml +index 22200f64..d434d71f 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh +index 9cc91fdc..6a1abf0d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform 
= Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + + {{{ bash_dconf_settings("org/gnome/nm-applet", "disable-wifi-create", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml +index 6e88631d..ae230db1 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable WIFI Network Connection Creation in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml +index 4b5a4687..e7ebb245 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh +index 49e3f7e6..60d65868 100644 +--- 
a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + + {{{ bash_dconf_settings("org/gnome/nm-applet", "suppress-wireless-networks-available", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml +index 75479d95..e31d930d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable WIFI Network Notification in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml +index 2472417c..7cb3fb85 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh +index cfc0001b..78509b32 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/Vino", "authentication-methods", "['vnc']", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml +index bdb4eb1e..62a5478a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Require Credential Prompting for Remote Access in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml 
b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml +index 63af198e..a636ca22 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh +index b10508ed..ea64385e 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/Vino", "require-encryption", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml +index 5b3558a4..d510d679 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml ++++ 
b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Require Encryption for Remote Access in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml +index 8b3d0342..02644248 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh +index 9c89da66..1386946e 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/desktop/screensaver", 
"idle-activation-enabled", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +index 4071329c..b03bc2d0 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable GNOME3 Screensaver Idle Activation' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml +index 0247f8ad..e8f57199 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh +index 59a3bafa..d3c18c8d 100644 +--- 
a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_fedora + + + {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "idle-activation-enabled", "local.d", "00-security-settings-lock") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml +index 2d0e7108..d96da897 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml +index 05663ecf..7ef97783 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh +index ab0462e5..e9b3f8c1 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("inactivity_timeout_value") }}} + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +index cd33cd5b..5a17c8b9 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Set GNOME3 Screensaver Inactivity Timeout' + +@@ -48,7 +48,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-020060 ++ stigid@almalinux8: RHEL-08-020060 + + ocil_clause: 'idle-delay is not equal to or less than the expected value' + +diff --git 
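Review bot: The `stigid@rhel8: RHEL-08-020060` key in the references block of dconf_gnome_screensaver_idle_delay/rule.yml is renamed to `stigid@almalinux8` instead of being kept next to a new entry. `rhel8` is still listed in this rule's `prodtype`, so RHEL 8 content built from this tree would presumably lose its STIG reference. Keeping both lines, `stigid@rhel8: RHEL-08-020060` and `stigid@almalinux8: RHEL-08-020060`, preserves the RHEL 8 mapping. The value is still a RHEL 8 STIG identifier, so a comment such as `# RHEL 8 STIG ID reused for AlmaLinux 8` would tell auditors where the number comes from. The same rename appears in the stigid hunks of dconf_gnome_screensaver_lock_enabled, dconf_gnome_disable_ctrlaltdel_reboot and installed_OS_is_vendor_supported.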
a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml +index a901c245..99f460f8 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh +index 5c37b1d9..8d6c0e21 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + . 
/usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_screensaver_lock_delay") }}} + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +index d8a59655..b77695c3 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Set GNOME3 Screensaver Lock Delay After Activation Period' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml +index 2159f329..41f353f5 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh +index 5a516b50..3b749d90 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh ++++ 
b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "lock-enabled", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +index aa492e1c..74248b6d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable GNOME3 Screensaver Lock After Idle Period' + +@@ -43,7 +43,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.4,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16 +- stigid@rhel8: RHEL-08-020030 ++ stigid@almalinux8: RHEL-08-020030 + + ocil_clause: 'screensaver locking is not enabled and/or has not been set or configured correctly' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml +index bb784e2c..685e6c94 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml ++++ 
b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh +index ea46be4f..4385f506 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_fedora + + + {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "lock-enabled", "local.d", "00-security-settings-lock") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml +index 8267a04f..dc6b4e06 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period' + 
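Review bot: The new platform header in dconf_gnome_screensaver_lock_locked/bash/shared.sh lists `AlmaLinux 8` twice, because the old line already repeated `Red Hat Enterprise Linux 8` and the substitution was applied to each occurrence. De-duplicated, the header reads `# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_fedora`. Whether the build tolerates repeated platform names is not visible from this hunk.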
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml +index 818874f3..2e608658 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh +index 8dc079f7..14eafa50 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "picture-uri", "string ''", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +index b1a6ed79..e3208183 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml 
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Implement Blank Screensaver' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml +index 47fc886c..9d7e04d7 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh +index 9e563568..b81d73fd 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "show-full-name-in-top-bar", "false", "local.d", "00-security-settings") }}} +diff --git 
a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml +index 3b70ff28..e4264ab3 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Full User Name on Splash Shield' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml +index f6ed794d..e5de51d6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh +index 7e540988..6baf65b4 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 
8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "lock-delay", "local.d", "00-security-settings-lock") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +index 2cf9857a..cce1e1a3 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml +index 700b6d29..1bc0cf43 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh +index 8f4922b5..3478e9c9 100644 
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol + + + {{{ bash_dconf_lock("org/gnome/desktop/session", "idle-delay", "local.d", "00-security-settings-lock") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +index f0744412..b3b6001e 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +index 82b5623e..4c2ad58e 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = 
unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh +index ea1d6b88..0a1e0978 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + + {{{ bash_dconf_settings("org/gnome/settings-daemon/plugins/media-keys", "logout", "''", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +index d89bc407..68de6950 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3' + +@@ -45,7 +45,7 @@ references: + iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5 + cis-csc: 12,13,14,15,16,18,3,5 + stigid@rhel7: RHEL-07-020231 +- stigid@rhel8: RHEL-08-040171 ++ stigid@almalinux8: RHEL-08-040171 + + ocil_clause: 'GNOME3 is configured to 
reboot when Ctrl-Alt-Del is pressed' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml +index 53138129..977b66cd 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh +index ffa7d125..4bca3f4d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + {{{ bash_dconf_settings("org/gnome/system/location", "enabled", "false", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml +index 92aa1136..0936600c 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml +@@ 
-1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Geolocation in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml +index 78d44cdf..d806b553 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Power Settings in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml +index f31fc597..d5f844c7 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/bash/shared.sh +index a3e88e2d..e3973afb 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/bash/shared.sh ++++ 
b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + + {{{ bash_dconf_settings("org/gnome/desktop/lockdown", "user-administration-disabled", "true", "local.d", "00-security-settings") }}} +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml +index a585809a..bcb4d992 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable User Administration in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml +index 27b2e8e2..b93c5bcf 100644 +--- a/linux_os/guide/system/software/gnome/group.yml ++++ b/linux_os/guide/system/software/gnome/group.yml +@@ -12,7 +12,7 @@ description: |- + {{% if product in ['ol7', 'ol8'] %}} + Oracle Linux Graphical environment. + {{% else %}} +- Red Hat Graphical environment. ++ AlmaLinux Graphical environment. + {{% endif %}} + <br /><br /> + For more information on GNOME and the GNOME Project, see <b>{{{ weblink(link="https://www.gnome.org") }}}</b>. 
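Review bot: In gnome/group.yml the text of the `{{% else %}}` branch is changed from Red Hat to AlmaLinux, so every non-Oracle product built from this tree, such as rhel7 or rhel8, would now describe its desktop as the AlmaLinux graphical environment. A dedicated branch keeps the other products intact: add `{{% elif product == "almalinux8" %}}` with `AlmaLinux Graphical environment.` before the `{{% else %}}` and leave the Red Hat line as it was. The description block starts above the hunk, so any earlier branches are not visible here.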
+diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml +index cdf34d43..59994c10 100644 +--- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml ++++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Remove the GDM Package Group' + +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml +index 48f65177..ee3dd478 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 + + title: 'The Installed Operating System Is FIPS 140-2 Certified' + +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +index 931be7e8..17fe400d 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +@@ -4,6 +4,7 @@ + The operating system installed on the system is supported by a vendor that provides security patches. 
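Review bot: Adding `almalinux8` to the `prodtype` of installed_OS_is_FIPS_certified/rule.yml makes a certification statement for a new vendor, and nothing in this hunk shows how the rule's check decides it. If the check (not visible here) only identifies the installed OS, an AlmaLinux 8 host would report as FIPS 140-2 certified without any evidence of a validated module. I would either leave `almalinux8` out of this rule until a validation exists or add a comment above the line, e.g. `# almalinux8: confirm CMVP validation status before shipping`.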
+ ") }}} + <criteria comment="Installed operating system is supported by a vendor" operator="OR"> ++ <extend_definition comment="Installed OS is ALMALINUX8" definition_ref="installed_OS_is_almalinux8" /> + <extend_definition comment="Installed OS is RHEL7" definition_ref="installed_OS_is_rhel7" /> + <extend_definition comment="Installed OS is RHEL8" definition_ref="installed_OS_is_rhel8" /> + <extend_definition comment="Installed OS is OL7" definition_ref="installed_OS_is_ol7_family" /> +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +index fba676f0..a3766aad 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'The Installed Operating System Is Vendor Supported' + +@@ -12,6 +12,9 @@ description: |- + {{% elif product in ["sle12", "sle15"] %}} + SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise + vendor, SUSE is responsible for providing security patches. ++{{% elif product == "almalinux8" %}} ++ AlmaLinux is supported by AlmaLinux. As the AlmaLinux ++ vendor, AlmaLinux is responsible for providing security patches. + {{% else %}} + Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise + Linux vendor, Red Hat, Inc. is responsible for providing security patches. 
+@@ -42,7 +45,7 @@ references: + nist-csf: ID.RA-1,PR.IP-12 + srg: SRG-OS-000480-GPOS-00227 + stigid@rhel7: RHEL-07-020250 +- stigid@rhel8: RHEL-08-010000 ++ stigid@almalinux8: RHEL-08-010000 + stigid@sle12: SLES-12-010000 + isa-62443-2009: 4.2.3,4.2.3.12,4.2.3.7,4.2.3.9 + cobit5: APO12.01,APO12.02,APO12.03,APO12.04,BAI03.10,DSS05.01,DSS05.02 +@@ -58,6 +61,8 @@ ocil: |- + <pre>$ grep -i "red hat" /etc/redhat-release</pre> + {{% elif product in ["ol7", "ol8"] %}} + <pre>$ grep -i "oracle" /etc/oracle-release</pre> ++{{% elif product in ["almalinux8"] %}} ++ <pre>$ grep -i "almalinux" /etc/almalinux-release</pre> + {{% elif product in ["sle12", "sle15"] %}} + <pre>$ grep -i "suse" /etc/os-release</pre> + {{% endif %}} +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh +index bbe14199..1709db74 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + + function remediate_bind_crypto_policy() { + CONFIG_FILE="/etc/named.conf" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +index 37ee1ced..d3ff892c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: 
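Review bot: The references hunk of installed_OS_is_vendor_supported/rule.yml replaces `stigid@rhel8: RHEL-08-010000` with `stigid@almalinux8: RHEL-08-010000` instead of adding a line, so content built for the rhel8 product from this tree loses the STIG ID for this rule. The other hunks shown for this file append `almalinux8` next to the existing products, which suggests the replacement came from a blanket substitution and was not intended. Keep both keys: `stigid@rhel8: RHEL-08-010000` followed by `stigid@almalinux8: RHEL-08-010000`. The AlmaLinux value is a RHEL 8 STIG identifier, so reports that show it should make clear it is a mapping to the RHEL 8 STIG rather than an AlmaLinux-specific benchmark.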
fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: 'Configure BIND to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh +index 89ff8c70..d47c3175 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + BIND_CONF='/etc/named.conf' +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh +index cd87ae3f..9ebf9beb 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + yum remove -y bind || true +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh +index 82e4df78..e0f97da7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh +@@ -1,7 +1,7 @@ + 
#!/bin/bash + # packages = bind + # +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # We don't remediate anything if the config file is missing completely. + # remediation = none + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh +index 98417056..3fd63e3c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + BIND_CONF='/etc/named.conf' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh +index e30e126b..a31068d2 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + BIND_CONF='/etc/named.conf' +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml +index 09b6dbc8..47aa3417 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml ++++ 
b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh +index d37f1263..7fa0db54 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + + # include remediation functions library + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +index e6053913..2152a392 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: 'Configure System Cryptography Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +index bde213f9..7cfa1623 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # IMPORTANT: This is a false negative scenario. 
+ # File /etc/crypto-policies/config can be newer than /etc/crypto-policies/state/current, +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +index d4dbf9c1..fccb7a6c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + update-crypto-policies --set "DEFAULT" + sleep 1s +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +index 69d14931..7663005c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + update-crypto-policies --set "FIPS:OSPP" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh +index b3f80441..2b8d9e09 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# 
platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + + sed -i "1d" /etc/crypto-policies/config +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh +index 88aceae8..2ab30614 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + + rm /etc/crypto-policies/state/current +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +index 439dacff..76982f3c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + update-crypto-policies --set "FIPS:OSPP" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh 
b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +index 4deaa265..38890ba9 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + update-crypto-policies --set "FIPS:OSPP" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +index b4acc304..972ab6f0 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_e8 + + update-crypto-policies --set "DEFAULT:NO-SHA1" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh +index b918e7ae..f65b4797 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = 
multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_standard + + update-crypto-policies --set "DEFAULT" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +index 8e311609..77ec5882 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + update-crypto-policies --set "FIPS:OSPP" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh +index 789caa81..8a3b2369 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + + sed -i "1s/.*/LEGACY/" /etc/crypto-policies/config +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml +index 0e0bb79a..e0315df6 100644 +--- 
a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + # reboot = true + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh +index be869edf..feedc09b 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + # reboot = true + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +index fe713aa6..d792b7bb 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: 'Configure Kerberos to use System Crypto Policy' + +diff --git 
a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh +index abbb0b5e..d1f44392 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + rm -f /etc/krb5.conf.d/crypto-policies + ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh +index 143e90ae..961b4487 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + rm -f /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh +index fa05c359..f5577ee0 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh ++++ 
b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + rm -f /etc/krb5.conf.d/crypto-policies + ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml +index c529966c..c6e86eb6 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh +index ade7563b..f7448342 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + + function remediate_libreswan_crypto_policy() { + CONFIG_FILE="/etc/ipsec.conf" +diff --git 
a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +index 01d6f681..c6726d4d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: 'Configure Libreswan to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh +index cea521f6..e58dfa38 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + yum remove -y libreswan || true +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh +index e9457003..67235305 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh +index 1d493db1..0c5d1bf0 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh +index de6bc16f..30ef6815 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh +index bfec1e0c..1ece3fd6 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh ++++ 
b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml +index 986543c1..2474ec6d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh +index a0b30cce..74c3c53a 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4 + + OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]' + OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]' +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml 
b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +index 49989867..1654980f 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: 'Configure OpenSSL library to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh +index 58405c87..17bc6857 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh +index 0322165c..4740dd89 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + . 
common.sh
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+index fe02074f..e6b21b04 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ . common.sh
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+index 24c0556d..03710708 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ . common.sh
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
+index f92a496e..dc1009e9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
+index 7f288499..65f1800b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,Red Hat Virtualization 4
+
+ SSH_CONF="/etc/sysconfig/sshd"
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+index 51788a32..52ebf21d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol8,rhel8,rhv4,rhcos4
++prodtype: fedora,ol8,rhel8,almalinux8,rhv4,rhcos4
+
+ title: 'Configure SSH to use System Crypto Policy'
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+index 46d05574..411e71ef 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ SSH_CONF="/etc/sysconfig/sshd"
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+index d53cb4db..3e9ad10b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ SSH_CONF="/etc/sysconfig/sshd"
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+index da769b5d..346433e4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ SSH_CONF="/etc/sysconfig/sshd"
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+index 371f8aa2..2befcc1b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ SSH_CONF="/etc/sysconfig/sshd"
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+index d5c2c2b9..355c89d5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+index be6f84f8..5ee6dcd4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+
+ cp="Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+ file=/etc/crypto-policies/local.d/opensslcnf-ospp.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
+index f8fc85ae..8be6fcff 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel8,rhcos4
++prodtype: rhel8,almalinux8,rhcos4
+
+ title: 'Harden OpenSSL Crypto Policy'
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+index 0debb6c7..f7e5d921 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+index b1f745b6..2925fc55 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a01e5d13..ecd34e6f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+index d6fa6598..f33cb317 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 573375dc..52fe8501 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+index eecad423..cd8e604c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+index 7a3b7c32..0eddf01d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh
+index 0222388f..4846cce0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+
+ #the file starts with 02 so that it is loaded before the 05-redhat.conf which activates configuration provided by system vide crypto policy
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+index 17bf0e67..c633df0b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+index 9b8e954f..8edf32e2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+index 63538daa..3e042aa8 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+index 4460f191..bcab9c7f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+index 7c54b424..9e490182 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "#Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+index 9da3614e..3f045e64 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+index 3c198dd3..d264cb91 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+index 05bccf0f..2913e604 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+index 7a7b44aa..6c8973d3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+index 352c0920..fe139103 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ rm -f "$file"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+index 7e433ef0..bc80daa1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+index 5b9c44d1..e8e69c07 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+index 40957c0f..5127c281 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+index ec44ce92..0975f5fe 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+index 1310f724..15133197 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "RekeyLimit 512M 1h\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+index d4ec1fe7..92a5a459 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+index 91976a67..ca683377 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+index 259cf23a..a20d9284 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+index c933ac99..c54c8242 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+index 7ff44b61..156ce61c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+index 24e709ea..9689bc39 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+index a25f9a30..ce8219f3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+index 269d73db..c1c74c14 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+index 2f7ca269..2710f6ec 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+index 77ea3eaa..c0c59c20 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+index 3e1a9f78..e9a3d380 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+index b6ff5881..5198a648 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+index 7a9a2a5e..25cf3fd3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+
+ cp="CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'"
+ file=/etc/crypto-policies/local.d/opensshserver-ospp.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+index d0541b7a..e3f47684 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+index 44434606..503b9d3c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a9222766..60b7a02f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+index b1e285f9..c2bd5f7b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+index 754195e4..37165976 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 8bf264dc..4a1bb0ce 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+index a7634669..a3d5a1af 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+index 1928d2cf..6914ed91 100644
+---
a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + configfile=/etc/crypto-policies/back-ends/opensshserver.config + +diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh +index d8c99350..a7db3346 100644 +--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + cat > /etc/profile.d/openssl-rand.sh <<- 'EOM' + {{{ openssl_strong_entropy_config_file() }}} +diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml +index d98526e4..51472607 100644 +--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # TODO: The plan is not to need this for RHEL>=8.4 +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'OpenSSL uses strong entropy source' + +diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh +index 6becf987..3f1fd277 100644 +--- 
a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + cat > /etc/profile.d/openssl-rand.sh <<- 'EOM' + # provide a default -rand /dev/random option to openssl commands that +diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh +index 72b7daab..f4236e6b 100644 +--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + rm -f /etc/profile.d/openssl-rand.sh +diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh +index 7034224c..19393e1d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo "wrong data" > /etc/profile.d/openssl-rand.sh +diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml +index bde69a1b..c22c229f 100644 +--- 
a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol8,rhel8
++prodtype: ol8,rhel8,almalinux8
+
+ title: 'Install crypto-policies package'
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+index e054892d..f86d3927 100644
+--- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel8,rhcos4
++prodtype: rhel8,almalinux8,rhcos4
+
+ title: 'Configure session renegotiation for SSH client'
+
+@@ -31,7 +31,7 @@ identifiers:
+ references:
+ ospp: FCS_SSHS_EXT.1
+ srg: SRG-OS-000423-GPOS-00187
+- stigid@rhel8: RHEL-08-040162
++ stigid@almalinux8: RHEL-08-040162
+
+ ocil_clause: 'it is commented out or is not set'
+
+diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+index 1ac4527f..563cc96b 100644
+--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
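Review bot: The second hunk of ssh_client_rekey_limit/rule.yml renames the `stigid@rhel8` key to `stigid@almalinux8` instead of adding a second key, while `prodtype` in the first hunk still lists rhel8. A RHEL 8 build from this patched tree would presumably lose its STIG reference for the rule, and RHEL-08-040162, an identifier in the RHEL 8 STIG numbering, is now presented as an AlmaLinux 8 one. Keeping both lines avoids that: `stigid@rhel8: RHEL-08-040162` followed by `stigid@almalinux8: RHEL-08-040162`. The same rename appears in the rule.yml hunks for enable_fips_mode, aide_scan_notification, aide_verify_acls and aide_verify_ext_attributes. The `references` block starts outside the hunk, so other keys in it are not visible here.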
b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml +index fc1f0d91..04c61d06 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install Virus Scanning Software' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml +index c12bbb35..db8a241b 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install Intrusion Detection Software' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml +index 68e974d8..5c46a849 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install McAfee Virus Scanning Software' + +diff --git 
a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml +index 6e9f3bcb..a89f3228 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Install the McAfee Runtime Libraries and Linux Agent' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml +index 92c84953..844fd9d8 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Virus Scanning Software Definitions Are Updated' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml +index 0707fe44..99cdf980 100644 +--- 
a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install the Asset Configuration Compliance Module (ACCM)' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml +index a237befa..3a88b4d0 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install the Policy Auditor (PA) Module' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml +index 9dc7e3ca..0654c2a3 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 + + title: 'Install the Host Intrusion Prevention System (HIPS) Module' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml +index b4272654..41a8486d 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable nails Service' + +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +index d9a33629..fecd5b5b 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: "Enable Dracut FIPS Module" + +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml +index b6c38443..ad7f71ce 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle 
Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8 + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh +index 87476a7b..37673cc8 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4 + + fips-mode-setup --enable +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +index 558dfc89..84ad511d 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4 + + title: Enable FIPS Mode + +@@ -39,7 +39,7 @@ references: + ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1 + srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176 + ism: "1446" +- stigid@rhel8: RHEL-08-010020 ++ stigid@almalinux8: RHEL-08-010020 + + ocil_clause: 'FIPS mode is not enabled' + +diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml +index 7b2076df..fae387a5 100644 +--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml ++++ 
b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+
+ title: Ensure '/etc/system-fips' exists
+
+diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+index 77c78d57..adcaf4b2 100644
+--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+@@ -18,7 +18,7 @@ description: |-
+ <li>On BIOS-based machines, issue the following command as <tt>root</tt>:
+ <pre>~]# grub2-mkconfig -o /boot/grub2/grub.cfg</pre></li>
+ <li>On UEFI-based machines, issue the following command as <tt>root</tt>:
+- <pre>~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</pre></li>
++ <pre>~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg</pre></li>
+ </ul>
+
+ rationale: |-
+diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+index b439a030..0c1194cd 100644
+--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,rhcos4,ol8,rhel8,rhv4
++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8,rhv4
+
+ title: "Set kernel parameter 'crypto.fips_enabled' to 1"
+
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+index 7c25aebf..19796558 100644
+---
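Review bot: The UEFI command in the grub2_enable_fips_mode description now names `/boot/efi/EFI/almalinux/grub.cfg` unconditionally, although this rule.yml lives in the shared linux_os tree and nothing in the hunk restricts it to AlmaLinux. On any other product built from the patched tree, an operator following the text would regenerate a grub.cfg under a directory that product presumably does not boot from, so the FIPS boot configuration would not take effect while appearing to be applied. Selecting the directory per product keeps both correct, for example wrapping the new line in `{{% if product == "almalinux8" %}}` and leaving the original `/boot/efi/EFI/redhat/grub.cfg` line in the `{{% else %}}` branch. The description block begins outside the hunk, so whether a product guard already surrounds this list cannot be confirmed from here.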
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +index aa605c85..0d3ad729 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +index 59669052..ef1ef9f1 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Configure 
Periodic Execution of AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh +index fbe9ddbb..4d6d584a 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +index 80a0bce1..e4b8f780 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12 + + title: 'Configure Notification of Post-AIDE Scan Details' + +@@ -50,7 +50,7 @@ references: + stigid@sle12: SLES-12-010510 + srg@sle12: SRG-OS-000447-GPOS-00201 + disa@sle12: CCI-002702 +- stigid@rhel8: RHEL-08-010360 ++ stigid@almalinux8: RHEL-08-010360 + + ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh +index 3e829abf..96f5141d 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +index 1f86ed8a..8db7207e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh +index 9f9f96e4..e654ec2e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat 
Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh +index 3c203720..8211c4ad 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh +index 1de7a6f8..6ff367fe 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +index 451ad976..170fb137 100644 +--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure AIDE to Verify Access Control Lists (ACLs)' + +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,BAI03.05,BAI06.01,DSS06.02 + iso27001-2013: A.11.2.4,A.12.2.1,A.12.5.1,A.14.1.2,A.14.1.3,A.14.2.4 + cis-csc: 2,3 +- stigid@rhel8: RHEL-08-040310 ++ stigid@almalinux8: RHEL-08-040310 + + ocil_clause: 'the acl option is missing or not added to the correct ruleset' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh +index 9f9f96e4..e654ec2e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh +index fd664d46..a00afa56 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh ++++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh +index 1bce723a..494f0902 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +index 3be8209a..b553a3df 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure AIDE to Verify Extended Attributes' + +@@ -36,7 +36,7 @@ references: + cobit5: APO01.06,BAI03.05,BAI06.01,DSS06.02 + iso27001-2013: 
A.11.2.4,A.12.2.1,A.12.5.1,A.14.1.2,A.14.1.3,A.14.2.4 + cis-csc: 2,3 +- stigid@rhel8: RHEL-08-040300 ++ stigid@almalinux8: RHEL-08-040300 + + ocil_clause: 'the xattrs option is missing or not added to the correct ruleset' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh +index 9f9f96e4..e654ec2e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh +index d02d969a..a88b92ab 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/tests/wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol + + + cat >/etc/aide.conf <<EOL +diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +index abf13a27..254e8814 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Install AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml +index 561ad620..1b8f6024 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml +@@ -1,5 +1,5 @@ + # and the regex_findall does not filter out configuration files the same as bash remediation does +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh +index b98aca62..5f85cf14 100644 +--- 
a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names + files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )" +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +index b0a2d007..db1f41b4 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Verify File Hashes with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml +index ed490498..3be18da3 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = 
multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh +index 329a00f5..d3cce1c0 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +index d4f76c4e..28587bd5 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Verify and Correct Ownership with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml +index 
517cc38a..aaee589e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh +index 03cbc397..3a0fff79 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +index 87a4934c..42df0116 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 + + title: 'Verify and Correct File Permissions with RPM' + +diff --git a/linux_os/guide/system/software/sap_host/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/software/sap_host/accounts_authorized_local_users/rule.yml +index 51b839b5..390de3bb 100644 +--- a/linux_os/guide/system/software/sap_host/accounts_authorized_local_users/rule.yml ++++ b/linux_os/guide/system/software/sap_host/accounts_authorized_local_users/rule.yml +@@ -26,7 +26,7 @@ rationale: |- + severity: medium + + references: +- stigid@rhel8: RHEL-08-020320 ++ stigid@almalinux8: RHEL-08-020320 + + ocil_clause: 'there are unauthorized local user accounts on the system' + +diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +index 4b78278e..2a23ce62 100644 +--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml ++++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 + + title: 'Install sudo Package' + +diff --git a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml +index 477a3309..d2d63174 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml +@@ -1,13 +1,13 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure sudo Runs In A Minimal Environment - sudo env_reset' + + description: |- + The sudo <tt>env_reset</tt> tag, when specified, will run the command in a minimal environment, + containing the TERM, PATH, HOME, 
MAIL, SHELL, LOGNAME, USER and SUDO_* variables. +-{{%- if product in ["rhel7", "rhel8"] %}} ++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}} + On {{{ full_name }}}, <tt>env_reset</tt> is enabled by default + {{%- endif %}} + This should be enabled by making sure that the <tt>env_reset</tt> tag exists in +diff --git a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml +index 2b4fd4be..74bf46f7 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml +@@ -1,13 +1,13 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot' + + description: |- + The sudo <tt>ignore_dot</tt> tag, when specified, will ignore the current directory + in the PATH environment variable. +-{{%- if product in ["rhel7", "rhel8"] %}} ++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}} + On {{{ full_name }}}, <tt>env_reset</tt> is enabled by default + {{%- endif %}} + This should be enabled by making sure that the <tt>ignore_dot</tt> tag exists in +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml +index d2100dd0..0544d745 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml +@@ -1,13 +1,13 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure sudo umask is appropriate - sudo umask' + + description: |- + The sudo <tt>umask</tt> tag, when specified, will be added the to the user's umask in the + command environment. 
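Review bot: In sudo_add_ignore_dot/rule.yml the widened condition `product in ["rhel7", "rhel8", "almalinux8"]` now also renders the unchanged sentence `On {{{ full_name }}}, <tt>env_reset</tt> is enabled by default` for AlmaLinux 8, and that sentence names `env_reset` inside the `ignore_dot` rule. It looks copied from sudo_add_env_reset, so the generated guidance would describe a different sudo option than the one this rule checks. Before extending the block to a new product, confirm the shipped sudoers default for `ignore_dot` and either reword the sentence to state it or drop the conditional block from this rule.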
+-{{%- if product in ["rhel7", "rhel8"] %}} ++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}} + On {{{ full_name }}}, the default <tt>umask</tt> value is 0022. + {{% endif %}} + The umask should be configured by making sure that the <tt>umask=sub_var_value("var_sudo_umask")</tt> tag exists in +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh +index 5d9a8b49..3710e371 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh +index c7f7aee3..e7e8a022 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh +index 2f41b65d..96a098ef 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh ++++ 
b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh +index c86da249..c1ad2442 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh +index a812074a..e66bdc71 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml +index 770b7144..b1b86f8c 100644 +--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure a dedicated group owns sudo' + +diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh +index 1c87c96c..265432ee 100644 +--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # remediation = none + + # Make sure sudo is owned by root group +diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml +index d01fa446..3ebe8975 100644 +--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml +@@ -37,7 +37,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.03,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5 +- stigid@rhel8: RHEL-08-010381 ++ stigid@almalinux8: RHEL-08-010381 + + ocil_clause: "!authenticate is enabled in sudo" + +diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml +index 382c4b88..b0aace1c 100644 +--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml +@@ -38,7 +38,7 @@ references: + cobit5: DSS05.04,DSS05.10,DSS06.03,DSS06.10 + iso27001-2013: A.18.1.4,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3 + cis-csc: 1,12,15,16,5 +- stigid@rhel8: RHEL-08-010380 ++ stigid@almalinux8: RHEL-08-010380 + + ocil_clause: 'nopasswd is enabled in sudo' + +diff --git 
a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml +index 4452e893..2dd446ce 100644 +--- a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure only owner and members of group owner of /usr/bin/sudo can execute it' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml +index ed2fc64d..e1994145 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-addon-ccpp Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml +index 8bbf9ea5..061a6e6f 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-addon-kerneloops Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml 
b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml +index 9be8b08b..4a87ccc7 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-addon-python Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml +index 9aa7f11a..e3ec3182 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-cli Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml +index d970def6..917b5c60 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-plugin-logger Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml +index 7f7787a1..50d68b52 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml ++++ 
b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-plugin-rhtsupport Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml +index 6107659d..1f1ae375 100644 +--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall abrt-plugin-sosreport Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml +index ec4f690a..c432c0cb 100644 +--- a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install binutils Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml +index 904ef627..8e934bf9 100644 +--- a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: 
true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'Install dnf-plugin-subscription-manager Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml +index eef5d88b..03800f9a 100644 +--- a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall geolite2-city Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml +index 8022a4b1..da9c56cd 100644 +--- a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall geolite2-country Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +index fa94959f..b5c5271e 100644 +--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall gssproxy Package' + +@@ -18,7 +18,7 @@ identifiers: + + references: + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040370 ++ stigid@almalinux8: RHEL-08-040370 
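Review bot: Adding `almalinux8` to `prodtype` in package_dnf-plugin-subscription-manager_installed/rule.yml, and likewise in package_subscription-manager_installed/rule.yml further down, marks Red Hat subscription tooling as applicable to AlmaLinux 8. These look like mechanical additions alongside `rhel8`; if AlmaLinux 8 hosts do not register with a subscription service, a profile that selects these rules would report a finding, or install a package, that brings no patching benefit there. Confirm whether any AlmaLinux 8 profile selects them, and if none should, leave the lines as `prodtype: rhel8` and `prodtype: rhel7,rhel8,rhv4`. The same question applies to package_abrt-plugin-rhtsupport_removed, although a removal rule is harmless when the package is absent.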
+ + {{{ complete_ocil_entry_package(package="gssproxy") }}} + +diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +index 9ec5c88c..f877d5db 100644 +--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall iprutils Package' + +@@ -19,7 +19,7 @@ identifiers: + + references: + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040380 ++ stigid@almalinux8: RHEL-08-040380 + + {{{ complete_ocil_entry_package(package="iprutils") }}} + +diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +index 9753c2c7..822dedc7 100644 +--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall krb5-workstation Package' + +@@ -22,7 +22,7 @@ identifiers: + + references: + srg: SRG-OS-000095-GPOS-00049,SRG-OS-000120-GPOS-00061 +- stigid@rhel8: RHEL-08-010162 ++ stigid@almalinux8: RHEL-08-010162 + + {{{ complete_ocil_entry_package(package="krb5-workstation") }}} + +diff --git a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml +index 6696d589..a0122c7c 100644 +--- a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml ++++ 
b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install libcap-ng-utils Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml +index a600b42f..886b9e7b 100644 +--- a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install openscap-scanner Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml +index 80a273bf..74169dbe 100644 +--- a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'Uninstall pigz Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +index 375301fd..875d9c00 100644 +--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Install rear Package' + +diff --git 
a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +index 4ab170b4..001f4058 100644 +--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install rng-tools Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml +index 94bf947d..6adc1ab0 100644 +--- a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install scap-security-guide Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +index 59a04407..9e96523d 100644 +--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Install subscription-manager Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml +index e5b9a440..e3c2435f 100644 +--- 
a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install tar Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +index f12bbc20..090e5bf4 100644 +--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Uninstall tuned Package' + +@@ -21,7 +21,7 @@ identifiers: + + references: + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040390 ++ stigid@almalinux8: RHEL-08-040390 + + {{{ complete_ocil_entry_package(package="tuned") }}} + +diff --git a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml +index f67605de..3949e06c 100644 +--- a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install vim Package' + +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +index caaeb5cd..b1f397c0 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml ++++ 
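Review bot: The second hunk of package_tuned_removed/rule.yml renames the `stigid@rhel8` key to `stigid@almalinux8` instead of adding a new key, so RHEL-08-040390 is no longer attached to the rhel8 product in this shared rule file. If rhel8 content is still built from this tree, keeping the original line and adding `stigid@almalinux8: RHEL-08-040390` beside it would preserve both mappings. The same replacement appears in the rule.yml hunks for clean_components_post_updating, ensure_gpgcheck_globally_activated, ensure_gpgcheck_local_packages and security_patches_up_to_date. The values are RHEL 8 STIG identifiers, so a short comment saying they are reused for AlmaLinux 8 would help readers of the generated content.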
b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh +index ab8b8c47..129e923f 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_rhv + + if grep --silent ^clean_requirements_on_remove /etc/yum.conf ; then + sed -i "s/^clean_requirements_on_remove.*/clean_requirements_on_remove=1/g" /etc/yum.conf +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +index 6239e950..ab58e0f1 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions' + +@@ -33,7 +33,7 @@ references: + cobit5: APO12.01,APO12.02,APO12.03,APO12.04,BAI03.10,DSS05.01,DSS05.02 + iso27001-2013: A.12.6.1,A.14.2.3,A.16.1.3,A.18.2.2,A.18.2.3 + cis-csc: 18,20,4 +- stigid@rhel8: 
RHEL-08-010440 ++ stigid@almalinux8: RHEL-08-010440 + + ocil_clause: 'clean_requirements_on_remove is not enabled or configured correctly' + +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml +index 779189d9..209aee84 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/bash/shared.sh b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/bash/shared.sh +index 06bdd85e..100baa52 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + CONF="/etc/dnf/automatic.conf" + APPLY_UPDATES_REGEX="[[:space:]]*\[commands]([^\n\[]*\n+)+?[[:space:]]*apply_updates" +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml +index fd53efc5..c532e608 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + 
+ title: Configure dnf-automatic to Install Available Updates Automatically
+
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+index ecf8379a..dab9e3f4 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/bash/shared.sh b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/bash/shared.sh
+index 7409103c..20027db3 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+
+ CONF="/etc/dnf/automatic.conf"
+ APPLY_UPDATES_REGEX="[[:space:]]*\[commands]([^\n\[]*\n+)+?[[:space:]]*upgrade_type"
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
+index 1a61232b..a8d4486f 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol8,rhel8
++prodtype: fedora,ol8,rhel8,almalinux8
+
+ title: Configure dnf-automatic to Install Only Security Updates
+
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+new file mode 100644
+index 00000000..dee95716
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+@@ -0,0 +1,26 @@
++# platform = multi_platform_almalinux
++readonly ALMALINUX_FINGERPRINT="5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
++
++# Location of the key we would like to import (once it's integrity verified)
++readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
++
++RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
++
++# Verify /etc/pki/rpm-gpg directory permissions are safe
++if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
++then
++ # If they are safe, try to obtain fingerprints from the key file
++ # (to ensure there won't be e.g. CRC error)
++ readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10)
++ GPG_RESULT=$?
++ # No CRC error, safe to proceed ++ if [ "${GPG_RESULT}" -eq "0" ] ++ then ++ # Filter just hexadecimal fingerprints from gpg's output from ++ # processing of a key file ++ echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || { ++ # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it ++ rpm --import "${ALMALINUX_RELEASE_KEY}" ++ } ++ fi ++fi +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml +new file mode 100644 +index 00000000..fb92fdb8 +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml +@@ -0,0 +1,42 @@ ++<def-group> ++ <definition class="compliance" id="ensure_almalinux_gpgkey_installed" version="1"> ++ <metadata> ++ <title>AlmaLinux gpg-pubkey Package Installed ++ ++ multi_platform_almalinux ++ ++ The AlmaLinux key packages are required to be installed. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ gpg-pubkey ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ {{{ pkg_release }}} ++ {{{ pkg_version }}} ++ ++ ++ +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +new file mode 100644 +index 00000000..3e4fe227 +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +@@ -0,0 +1,46 @@ ++documentation_complete: true ++ ++prodtype: almalinux8 ++ ++title: 'Ensure AlmaLinux GPG Key Installed' ++ ++description: |- ++ To ensure the system can cryptographically verify base software ++ packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed. ++ To install the AlmaLinux GPG key, run: ++
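Review bot: The three safety checks in the new ensure_almalinux_gpgkey_installed/bash/shared.sh do not enforce what their comments say. `[ "${RPM_GPG_DIR_PERMS}" -le "755" ]` compares the octal mode as a decimal number, so a group- or world-writable mode such as 733 passes; `GPG_RESULT=$?` holds the status of `readarray`, not of gpg inside the process substitution; and `echo "${GPG_OUT[*]}"` joins all fingerprints on one line, so a key file holding the expected key plus an additional one still reaches `rpm --import`. The fence below tests the write bits directly, checks gpg's own exit status, and compares fingerprints one per line.

```shell
# … unchanged: ALMALINUX_FINGERPRINT and ALMALINUX_RELEASE_KEY definitions …
RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")

# Proceed only if the directory is not writable by group or others
if (( (8#${RPM_GPG_DIR_PERMS} & 8#022) == 0 ))
then
    # Run gpg on its own so the status tested is gpg's, not readarray's
    if GPG_COLONS=$(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY")
    then
        readarray -t GPG_OUT < <(grep "^fpr" <<< "$GPG_COLONS" | cut -d ":" -f 10)
        # One fingerprint per line: any fingerprint other than the expected one blocks the import.
        # If gpg also lists subkey fingerprints for this key, they have to be added to the allowed set.
        if [ "${#GPG_OUT[@]}" -gt 0 ] && ! printf '%s\n' "${GPG_OUT[@]}" | grep -qvxF "${ALMALINUX_FINGERPRINT}"
        then
            rpm --import "${ALMALINUX_RELEASE_KEY}"
        fi
    fi
fi
```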
$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
++ If the system is not connected to the Internet, ++ then install the AlmaLinux GPG key from trusted media such as ++ the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted ++ in /media/cdrom, use the following command as the root user to import ++ it into the keyring: ++
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY
++ ++rationale: |- ++ Changes to software components can have significant effects on the ++ overall security of the operating system. This requirement ensures ++ the software has not been tampered with and that it has been provided ++ by a trusted vendor. The AlmaLinux GPG key is necessary to ++ cryptographically verify packages are from AlmaLinux. ++ ++severity: high ++ ++references: ++ cis: 1.2.2 ++ disa: CCI-001749 ++ nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b) ++ nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ++ pcidss: Req-6.2 ++ isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6' ++ isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4 ++ cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 ++ iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4 ++ cis-csc: 11,2,3,9 ++ ++ocil_clause: 'the AlmaLinux GPG Key is not installed' ++ ++ocil: |- ++ To ensure that the GPG key is installed, run: ++
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
++ The command should return the string below: ++
gpg(AlmaLinux <packager@almalinux.org>
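Review bot: The description in the new ensure_almalinux_gpgkey_installed/rule.yml tells the administrator to `rpm --import` the key straight from a URL or from media without checking which key is being trusted. A sentence after the first command such as `Before importing, confirm that the key fingerprint matches the one published by AlmaLinux.` would close that gap; the remediation script in this patch expects 5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8. The expected OCIL output `gpg(AlmaLinux <packager@almalinux.org>` also appears to lack its closing parenthesis, although that may be an artefact of how this page was rendered.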
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml +index 24be33be..2b784021 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +index 4469a468..80996789 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + . 
/usr/share/scap-security-guide/remediation_functions + + replace_or_append "{{{ pkg_manager_config_file }}}" '^gpgcheck' '1' '@CCENUM@' +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +index 7d031c93..fedafce3 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 + + title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' + +@@ -56,7 +56,7 @@ references: + cis-csc: 11,2,3,9 + anssi: BP28(R15) + stigid@sle12: SLES-12-010550 +- stigid@rhel8: RHEL-08-010370 ++ stigid@almalinux8: RHEL-08-010370 + + ocil_clause: 'GPG checking is not enabled' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml +index 68553a12..de4ed0e1 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/bash/shared.sh +index f012bc5c..4911ee96 100644 +--- 
a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + + replace_or_append '{{{ pkg_manager_config_file }}}' '^localpkg_gpgcheck' '1' '@CCENUM@' +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +index 54a584cc..70b854df 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure gpgcheck Enabled for Local Packages' + +@@ -40,7 +40,7 @@ references: + iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,3,9 + anssi: BP28(R15) +- stigid@rhel8: RHEL-08-010371 ++ stigid@almalinux8: RHEL-08-010371 + + ocil_clause: 'gpgcheck is not enabled or configured correctly to verify local packages' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +index 05d707d1..eca20407 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml 
+@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +index a9b33d87..b1c33b4b 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +@@ -1,2 +1,2 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +index e9c7f707..ce49ab61 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml +index 1dc15ec6..e81f7f5d 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml +@@ -1,6 
+1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Ensure gpgcheck Enabled for Repository Metadata' + +diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +index 2c4b739e..6f59f28b 100644 +--- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml ++++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + + title: 'Install dnf-automatic Package' + +diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +index 70de60d2..18a53cc0 100644 +--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = true + # strategy = patch + # complexity = low +diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +index 32f67fe0..5c62fda1 100644 +--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 + + title: 'Ensure Software 
Patches Installed' + +@@ -17,6 +17,11 @@ description: |- +
$ sudo yum update
+ If the system is not configured to use one of these sources, updates (in the form of RPM packages) + can be manually downloaded from the ULN and installed using rpm. ++{{% elif product in ["almalinux8"] %}} ++ Run the following command to install updates: ++
$ sudo yum update
++ If the system is not configured to use repos, updates (in the form of RPM packages) ++ can be manually downloaded from the repos and installed using rpm. + {{% elif product in ["sle12", "sle15"] %}} + If the system is configured for online updates, invoking the following command will list available + security updates: +@@ -59,7 +64,7 @@ references: + iso27001-2013: A.12.6.1,A.14.2.3,A.16.1.3,A.18.2.2,A.18.2.3 + cis-csc: 18,20,4 + anssi: BP28(R08) +- stigid@rhel8: RHEL-08-010010 ++ stigid@almalinux8: RHEL-08-010010 + + + # SCAP 1.3 content should reference flat non compressed xml files +diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +index 38a3d8ac..f53a9057 100644 +--- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml ++++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,almalinux8 + + title: Enable dnf-automatic Timer + +diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml +index 7e2f41cd..1a9d9072 100644 +--- a/shared/checks/oval/install_mcafee_hbss.xml ++++ b/shared/checks/oval/install_mcafee_hbss.xml +@@ -10,6 +10,7 @@ + multi_platform_ol + multi_platform_rhcos + multi_platform_rhel ++ multi_platform_almalinux + multi_platform_rhv + multi_platform_sle + multi_platform_ubuntu +diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml +new file mode 100644 +index 00000000..91af880d +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_almalinux8.xml +@@ -0,0 +1,36 @@ ++ ++ ++ ++ AlmaLinux 8 ++ ++ multi_platform_all ++ ++ ++ ++ The operating system installed on the system is ++ AlmaLinux 8 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^8.*$ ++ ++ ++ almalinux-release ++ ++ 
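Review bot: The almalinux8 branch added to the description of security_patches_up_to_date/rule.yml suggests downloading RPMs by hand and installing them with rpm, but says nothing about verifying them first. Packages obtained that way are not covered by the repository gpgcheck settings this patch enables elsewhere, so the text should add something like `Verify each downloaded package with rpm --checksig before installing it.` The wording "not configured to use repos ... downloaded from the repos" is also circular and could name the intended download source explicitly.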
++ +diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +index 1874500d..d3be6530 100644 +--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml ++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +@@ -9,6 +9,7 @@ + multi_platform_ol + multi_platform_rhcos + multi_platform_rhel ++ multi_platform_almalinux + multi_platform_rhv + multi_platform_sle + multi_platform_ubuntu +diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template +index f8478db7..7d4d984f 100644 +--- a/shared/templates/accounts_password/ansible.template ++++ b/shared/templates/accounts_password/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template +index 64d1be69..7bbb1772 100644 +--- a/shared/templates/accounts_password/bash.template ++++ b/shared/templates/accounts_password/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template +index 70101ca7..2a6bb97a 100644 +--- a/shared/templates/audit_rules_dac_modification/ansible.template ++++ b/shared/templates/audit_rules_dac_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = 
multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template +index f0d3b697..b62628b0 100644 +--- a/shared/templates/audit_rules_dac_modification/bash.template ++++ b/shared/templates/audit_rules_dac_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template +index f07ca6a9..af54286b 100644 +--- a/shared/templates/audit_rules_file_deletion_events/ansible.template ++++ b/shared/templates/audit_rules_file_deletion_events/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template +index c387624c..84a287ec 100644 +--- a/shared/templates/audit_rules_file_deletion_events/bash.template ++++ b/shared/templates/audit_rules_file_deletion_events/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 
8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template +index 4b32771c..4de3c0d4 100644 +--- a/shared/templates/audit_rules_login_events/ansible.template ++++ b/shared/templates/audit_rules_login_events/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template +index 065e8bb2..98a162fc 100644 +--- a/shared/templates/audit_rules_login_events/bash.template ++++ b/shared/templates/audit_rules_login_events/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template +index d519609f..53e935b4 100644 +--- a/shared/templates/audit_rules_path_syscall/ansible.template ++++ b/shared/templates/audit_rules_path_syscall/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template +index c3d31aad..500781fa 100644 +--- a/shared/templates/audit_rules_path_syscall/bash.template ++++ b/shared/templates/audit_rules_path_syscall/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template +index 1c5a8b6b..a89bca78 100644 +--- a/shared/templates/audit_rules_privileged_commands/ansible.template ++++ b/shared/templates/audit_rules_privileged_commands/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template +index 42e12671..9dddede7 100644 +--- a/shared/templates/audit_rules_privileged_commands/bash.template ++++ b/shared/templates/audit_rules_privileged_commands/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template +index 8e8e003a..4624f714 100644 +--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template ++++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template +index e89ac074..94ca25ef 100644 +--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template ++++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions +diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template +index ea9738ec..eba27777 100644 +--- a/shared/templates/audit_rules_usergroup_modification/ansible.template ++++ b/shared/templates/audit_rules_usergroup_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template +index 21524172..965c3f3f 100644 +--- a/shared/templates/audit_rules_usergroup_modification/bash.template ++++ b/shared/templates/audit_rules_usergroup_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # Include source function library. + . 
/usr/share/scap-security-guide/remediation_functions + +diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template +index 6f01abc6..270da388 100644 +--- a/shared/templates/grub2_bootloader_argument/ansible.template ++++ b/shared/templates/grub2_bootloader_argument/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template +index b7478d3e..477468b2 100644 +--- a/shared/templates/grub2_bootloader_argument/bash.template ++++ b/shared/templates/grub2_bootloader_argument/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{% if product in ["rhel7", "ol7"] %}} + # Correct the form of default kernel command line in GRUB +diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template +index c4a83ad3..08b03872 100644 +--- a/shared/templates/kernel_module_disabled/ansible.template ++++ b/shared/templates/kernel_module_disabled/ansible.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # 
reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template +index f70a9925..7da52ec5 100644 +--- a/shared/templates/kernel_module_disabled/bash.template ++++ b/shared/templates/kernel_module_disabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template +index 5093c926..7893bb44 100644 +--- a/shared/templates/mount/anaconda.template ++++ b/shared/templates/mount/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template +index 0a54865e..e3208649 100644 +--- a/shared/templates/mount_option/anaconda.template ++++ b/shared/templates/mount_option/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template 
b/shared/templates/mount_option_removable_partitions/anaconda.template +index b4510ae8..ca6fd4a1 100644 +--- a/shared/templates/mount_option_removable_partitions/anaconda.template ++++ b/shared/templates/mount_option_removable_partitions/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template +index 0ac55f51..dd0bcdde 100644 +--- a/shared/templates/package_installed/anaconda.template ++++ b/shared/templates/package_installed/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template +index 473feef5..ef56a56a 100644 +--- a/shared/templates/package_installed/bash.template ++++ b/shared/templates/package_installed/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template +index 489f9bb0..0120d927 100644 +--- 
a/shared/templates/package_removed/anaconda.template ++++ b/shared/templates/package_removed/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template +index 38d7c7c3..0ae3e60b 100644 +--- a/shared/templates/sebool/ansible.template ++++ b/shared/templates/sebool/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +@@ -13,7 +13,7 @@ + {{% else %}} + - (xccdf-var var_{{{ SEBOOLID }}}) + +-{{% if product == "rhel8" %}} ++{{% if product == "rhel8" or product == "almalinux8" %}} + - name: Ensure python3-libsemanage installed + package: + name: python3-libsemanage +diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template +index e9aab9d9..b01beace 100644 +--- a/shared/templates/sebool/bash.template ++++ b/shared/templates/sebool/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template +index b9bf1b5b..79783edb 100644 +--- a/shared/templates/service_disabled/bash.template ++++ b/shared/templates/service_disabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = 
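Review bot: The new condition in the second hunk of `shared/templates/sebool/ansible.template` chains two equality tests, while `grub2_bootloader_argument/bash.template` in this same patch already uses the membership form (`product in ["rhel7", "ol7"]`). Writing it as `{{% if product in ["rhel8", "almalinux8"] %}}` keeps the templates consistent and makes the next derivative a one-token addition. The guarded task (`Ensure python3-libsemanage installed`) runs past the end of the hunk, so whether other products need the package too cannot be judged from here.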
multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template +index 1ab45652..724e7b77 100644 +--- a/shared/templates/service_disabled/kubernetes.template ++++ b/shared/templates/service_disabled/kubernetes.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template +index 5a6b09f9..96393898 100644 +--- a/shared/templates/service_enabled/bash.template ++++ b/shared/templates/service_enabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template +index a762794a..bd3f2d9c 100644 +--- a/shared/templates/sysctl/bash.template ++++ b/shared/templates/sysctl/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = 
multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template +index 7e73d391..abe8838a 100644 +--- a/shared/templates/zipl_bls_entries_option/ansible.template ++++ b/shared/templates/zipl_bls_entries_option/ansible.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = true + # strategy = configure + # complexity = medium +diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template +index d0faeb80..e0b776fe 100644 +--- a/shared/templates/zipl_bls_entries_option/bash.template ++++ b/shared/templates/zipl_bls_entries_option/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + # Correct BLS option using grubby, which is a thin wrapper around BLS operations + grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}" +diff --git a/ssg/constants.py b/ssg/constants.py +index 589c955f..736b4228 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -5,6 +5,7 @@ import datetime + import os.path + + product_directories = [ ++ 'almalinux8', + 'chromium', + 'debian9', 'debian10', + 'example', +@@ -140,6 +141,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { + } + + FULL_NAME_TO_PRODUCT_MAPPING = { ++ "AlmaLinux 8": "almalinux8", + "Chromium": "chromium", + "Debian 9": "debian9", + "Debian 10": "debian10", +@@ -180,10 +182,11 @@ REF_PREFIX_MAP = { + "stigid": "DISA-STIG", + } + +-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu", ++MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu", + "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", 
"example"] + + MULTI_PLATFORM_MAPPING = { ++ "multi_platform_almalinux": ["almalinux8"], + "multi_platform_debian": ["debian9", "debian10"], + "multi_platform_example": ["example"], + "multi_platform_fedora": ["fedora"], +@@ -362,6 +365,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = { + 'ol': 'Oracle Linux', + 'ocp': 'Red Hat OpenShift Container Platform', + 'rhcos': 'Red Hat Enterprise Linux CoreOS', ++ 'almalinux': 'AlmaLinux', + } + + +diff --git a/tests/shared/grub2.sh b/tests/shared/grub2.sh +index bce7683a..9d34864f 100644 +--- a/tests/shared/grub2.sh ++++ b/tests/shared/grub2.sh +@@ -4,7 +4,7 @@ function set_grub_uefi_root { + if grep NAME /etc/os-release | grep -iq fedora; then + GRUB_CFG_ROOT=/boot/efi/EFI/fedora + else +- GRUB_CFG_ROOT=/boot/efi/EFI/redhat ++ GRUB_CFG_ROOT=/boot/efi/EFI/almalinux + fi + } + +diff --git a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml +index 8d79d102..77dc3115 100644 +--- a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml ++++ b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml +@@ -19,7 +19,7 @@ oval_external_content: null + platform: machine + # TODO: Make Rule get this from group, so it can be saved here + # platform: null +-prodtype: rhel7,rhel8,fedora,ol7,ol8 ++prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8 + rationale: Only root should be able to modify important boot parameters. 
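Review bot: In `tests/shared/grub2.sh` the fallback branch of `set_grub_uefi_root` now hard-codes `/boot/efi/EFI/almalinux` for every host that is not Fedora, replacing `/boot/efi/EFI/redhat` instead of adding a case for AlmaLinux. On a RHEL host the helper would then point at a directory that presumably does not exist, so test scenarios that prepare or check the UEFI grub configuration through `GRUB_CFG_ROOT` would exercise the wrong path. The first branch already keys on `/etc/os-release`, so an explicit branch preserves the old default: add `elif grep NAME /etc/os-release | grep -iq almalinux; then` with `GRUB_CFG_ROOT=/boot/efi/EFI/almalinux`, and leave `else` at `/boot/efi/EFI/redhat`. The function's opening line appears only in the hunk header.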
+ references: {cis: 1.4.1, cis-csc: '12,13,14,15,16,18,3,5', cjis: 5.5.2.2, cobit5: 'APO01.06,DSS05.04,DSS05.07,DSS06.02', + cui: 3.4.5, disa: 'CCI-000225', hipaa: '164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)', +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml +index ff0b30f0..0116294f 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml +index 08d2749a..db93b129 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml +@@ -13,7 +13,7 @@ ocil: 'Check the file /etc/selinux/config and ensure the following line + ocil_clause: SELINUX is not set to enforcing + oval_external_content: null + platform: machine +-prodtype: rhel7,rhel8,fedora,ol7,ol8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8,rhv4 + rationale: 'Setting the SELinux state to enforcing ensures SELinux is able to confine + + potentially compromised processes to the security policy, which is designed to +diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py +index 95264af9..810fa55f 100755 +--- a/utils/ansible_playbook_to_role.py ++++ 
b/utils/ansible_playbook_to_role.py +@@ -57,6 +57,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor) + PRODUCT_WHITELIST = set([ + "rhel7", + "rhel8", ++ "almalinux8", + "rhv4", + ]) + diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index fe7f9b4..1427aa5 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -3,7 +3,7 @@ Name: scap-security-guide Version: 0.1.54 -Release: 5%{?dist} +Release: 5%{?dist}.alma.1 Summary: Security guidance and baselines in SCAP formats Group: Applications/System License: BSD @@ -43,6 +43,9 @@ Patch27: scap-security-guide-0.1.55-remove_auditd_data_retention_space_left_fro # Untill ANSSI High profile is shipped we drop the ks too Patch28: remove-ANSSI-high-ks.patch +# AlmaLinux patches +Patch1001: 0001-Add-AlmaLinux-8-support.patch + BuildArch: noarch # To get python3 inside the buildroot require its path explicitly in BuildRequires @@ -58,8 +61,8 @@ system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy -requirements and specific implementation guidelines. The Red Hat Enterprise -Linux 8 system administrator can use the oscap CLI tool from openscap-scanner +requirements and specific implementation guidelines. The AlmaLinux 8 +system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information. 
@@ -105,14 +108,18 @@ present in %{name} package. %patch26 -p1 %patch27 -p1 %patch28 -p1 + +%patch1001 -p1 + mkdir build %build cd build %cmake \ -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \ --DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \ --DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ +-DSSG_PRODUCT_RHEL7:BOOLEAN=FALSE \ +-DSSG_PRODUCT_RHEL8:BOOLEAN=FALSE \ +-DSSG_PRODUCT_ALMALINUX8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \ @@ -124,9 +131,10 @@ cd build %make_install # Manually install pre-built rhel6 content -cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot} -cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name} -cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} +# Disabled on AlmaLinux +# cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot} +# cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name} +# cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} %files %{_datadir}/xml/scap/ssg/content @@ -143,6 +151,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/tables/*.html %changelog +* Mon Apr 19 2021 Andrew Lukoshko - 0.1.54-5.alma +- Add AlmaLinux support + * Wed Feb 17 2021 Watson Sato - 0.1.54-5 - Remove Kickstart for not shipped profile (RHBZ#1778188)
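Review bot: The `%cmake` call in the `@@ -105,14 +108,18 @@` hunk now passes `-DSSG_PRODUCT_RHEL7:BOOLEAN=FALSE` and `-DSSG_PRODUCT_RHEL8:BOOLEAN=FALSE` directly after `-DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE`. If those options default to `${SSG_PRODUCT_DEFAULT}` the way the new `SSG_PRODUCT_ALMALINUX8` option does, both lines are redundant and could simply be dropped. The change also means the package no longer ships RHEL 7/8 content, which the changelog entry (`- Add AlmaLinux support`) does not record. A second changelog line such as `- Build AlmaLinux 8 content instead of RHEL 7/8` would make the removal visible to anyone who scans hosts with data streams from this package.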
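Review bot: The three `cp -r` lines in the `@@ -124,9 +131,10 @@` hunk are commented out rather than removed, and rpm still expands macros on `#` lines. `%{_builddir}`, `%{_static_rhel6_content}` and `%{buildroot}` therefore keep being evaluated, and newer rpm releases warn about macros expanded in comments. Deleting the lines together with the `# Manually install pre-built rhel6 content` header avoids that; if they must stay for reference, escape them as `%%{...}`. If the rhel6 archive is still unpacked in `%prep` or its files are still listed under `%files` (neither is visible in this hunk), those parts would need the same treatment.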